Posted on May 8, 2020 at 11:02 AM
Hacker Compromised Microsoft’s Private GitHub Accounts
A small number of Microsoft employees’ GitHub accounts were recently attacked, and some of the firm’s private GitHub repositories were compromised. However, the hacker was not able to gain access to any major apps or compromise any vital system.
The infiltration occurred in March and became known only this week, when the hacker announced he was publishing the details of the hack on a darknet forum.
According to information gathered from some Microsoft employees, a small portion of the stolen files was genuine. But the hackers could not access the source code of any of Microsoft’s core projects, such as Office and Windows.
Important data not compromised
Cybersecurity firms Under The Breach and Nightlion Security secured copies of the files the hackers leaked on the darknet. The details include a list of all directories and files the hackers stole from the private GitHub repositories of Microsoft. The security firms also received data on some private Microsoft projects.
Microsoft employees also confirmed the leak
Microsoft writer Mary Jo Foley spoke to some of the Microsoft engineers, who wanted to stay anonymous, regarding the recent compromise of data by hackers.
There is now confirmation that directories and files on the list released by the hackers actually contain projects stored as private repositories in Microsoft’s GitHub account. Some Microsoft employees also confirmed the authenticity of the leaked data.
The Microsoft engineers who were still arguing that the leak was a hoax have now retracted their initial comments as news about the leak spread within the company. Other employees who initially commented that the leak was a scam have since deleted their tweets after more reports about the leak emerged.
Others confirmed the leak's authenticity only partially, because a huge part of the directories and files released by the hacker was not related to any project from Microsoft. Some of them have no affiliation with any Microsoft project or any open-source project that has been active for many years. But it’s still not clear how the hackers were able to get hold of the GitHub repositories.
Reports also revealed that none of the projects stolen by the hackers is even remotely vital or sensitive. Microsoft’s GitHub account is used to host private projects that will be made available in the future under an open-source license. The account is also used for sharing and hosting open-source documentation and projects.
Additionally, some Microsoft employees revealed that their private projects, which Microsoft hosted on the GitHub account, were not part of the list the hacker released earlier. That means the hackers were only able to access a small portion of the non-sensitive data stored in Microsoft’s account.
However, the only concern regarding the theft of sensitive data is that some projects could contain API credentials and access tokens, which Microsoft may now have to revoke.
The vulnerability has been patched
As security firm Under The Breach has reported, Microsoft employees may have discovered the vulnerable employee GitHub account. The security firm got first-hand information from the hacker. It confirmed that the hacker no longer has access to Microsoft’s private GitHub repositories because Microsoft may have discovered and patched the vulnerability.
Same hacker behind Tokopedia leaks
The hacker responsible for this latest hack was also responsible for the Tokopedia hacking incident reported last week.
The hacker compromised the accounts of 15 million registered users on Tokopedia, the largest online store in Indonesia. He decided to release them on the darknet.
The hacker claimed the hacking incident occurred in March and the hack contained only a small portion of the platform’s user database.
The hacker also revealed that he shared the 15 million user samples hoping that someone could decipher the passwords and use them to access user accounts. From the information provided by the hacker, it appears that Microsoft’s private GitHub repos and the Tokopedia user data were compromised within the same period.