Hackers have penetrated into several GitHub accounts in order to erase code repositories and then ask for ransom from the owners of the account in the form of Bitcoin. If their demands are not met, they promise to leak these codes or make use of it themselves.
392 GitHub Repositories Attacked So far
About 392 different GitHub repositories have been attacked by the hacker who left a note asking them for 0.1BTC ($558) in ransom and an email which shows that the money has been paid. Other companies which have become victims of this attack include GitLab and Bitbucket.
The hackers are reportedly removing the code on these repositories by logging into accounts by using weak passwords or credentials which were leaked over various services.
GitHub released a publication which stated that:
“At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures. We are working with the affected users to secure and restore their accounts.”
A security researcher at Atlassian called Motherboard who also the founder of Bitbucket made it known that at least 1,000 users might have been victims of the attacks, however, due to that many repositories are public and there are several largely unused and poor projects on GitHub, it is still not known whether any worthy code has been attacked.
Bitbucket has revealed that it intends to recover repositories which were affected as soon as possible. Also, another victim made it known that he was able to restore the affected code by “accessing a commit’s hash.”
No Ransom Paid So Far
After checking the hackers’ bitcoin address, it was discovered that they have not been paid any ransom and the current account balance showed a total transaction of 0.0005 BTC transaction. However, in order to ensure that its users are secured, GitHub and the other services are introducing the use of two-factor authentication approach.