Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Programming IT

Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen (bleepingcomputer.com) 43

Posted by msmash from the security-woes dept.
A hacker claims to have stolen over 500GB of data from Microsoft's private GitHub repositories, BleepingComputer reports. From the report: This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant's 'Private' repositories. The individual told us that they then downloaded 500GB of private projects and initially planned on selling it, but has now decided to leak it for free. Based on the file stamps in the leaked files, the breach may have occurred on March 28th, 2020.
This discussion has been archived. No new comments can be posted.

Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen More

Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen

Comments Filter:

  • Lots of companies getting hacked recently (Score:5, Insightful)

    by xack ( 5304745 ) on Thursday May 07, 2020 @01:53PM (#60033056)
    Nitnendo, Sony, SaltStack, now Microsoft. Is it time we decided that the cloud meme should be evaporated.

    • Re:Lots of companies getting hacked recently (Score:5, Interesting)

      by jellomizer ( 103300 ) on Thursday May 07, 2020 @02:02PM (#60033076)

      out of work people = bored people (as they are not working)
      out of work people = desperate people (as they are not getting paid)
      hacking cause = board people (It is something mentally simulating to do)
      hacking cause = desperate people (they need money to survive by any means necessary)

      A lot of out of work people = a lot of hacking.

      Back in 2003-2005 After the tech bubble popped and jobs were replaced with Indian Outsourcing, we had a rise in Viruses/Worms that hit our infrastructure hard.

      • Re:Lots of companies getting hacked recently (Score:4, Interesting)

        by LostMyAccount ( 5587552 ) on Thursday May 07, 2020 @03:02PM (#60033252)

        I wonder if there is any anarchist motivation.

        I mean, we're kind of on the edge of the apocalypse here. The virus itself can be managed if competent people are allowed to do their job, but add in the economic meltdown and you don't need to layer too many other things in before it gets hard to fix any of it and the system breaks.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        When the lockdown started in the UK there was a random news story on the BBC titled "Lagos lockdown over coronavirus: 'How will my children survive?" -

        https://www.bbc.co.uk/news/wor... [bbc.co.uk]

        I facetiously joked to my friend that maybe they can start running 419 scams again or something.

        I now get around five 419 scams sent to me a week, despite not having had one in about a decade prior to the lockdown. I'll give them credit though, their imagination has certainly been running wild, I've had everything from the Uni

      • I was actually thinking in some cases maybe an employee made a boneheaded decision to make it easier to work on things from home. Probably not what happened here since we're talking about Github. I vote boredom for this one.

    • And that's the big companies that make the news.

      The small companies have been letting you log in to accounts with any password.

    • Re: (Score:2, Interesting)

      by Opportunist ( 166417 )

      cloud, English, homonym to klaut, German, he/she/it steals.

    • Re: (Score:2)

      by syn3rg ( 530741 )
      Did the Simpsons predict this too [kym-cdn.com]?

    • Trades from RAIDs to instance shares
      with outsourced staffing in the air
      and ready storage everywhere
      I've looked at clouds that way

      And now they don't just come from Sun
      They're put online by everyone
      with promises they'll always run
      and keep the crooks at bay

      I've looked at clouds from both sides now
      from boot to crash, and still somehow
      With all the hype that I recall
      I really don't trust clouds at all.

  • Yea I know it passed the strong password check. However it can be easily guessed.

    • It's internally represented by MICR0O~1 rather than MICROS~1 (O -> 0, $ skipped), so it's already two characters away.

  • Can't even use this as landfill.

  • GitHub isn't supposed to be secret (Score:1)

    by Anonymous Coward
    While embarrassing if true, I can't see this being a big deal. If the repositories were actually secret, they wouldn't have been on GitHub. The "private" GitHub repositories that Microsoft has are just staging for repositories that will be public within a couple weeks, which the article says:

    Msft has a “rule” that GitHub repos must be public within 30 days.

  • If we've got the source, maybe we can resurrect Microsoft Bob!

  • Comment removed based on user account deletion

    • Re: (Score:2)

      by Bert64 ( 520050 )

      i wonder if windows 7 source code and bug list was included.

      There was only 500gb of data, so it can't have included the windows bug list...

  • Fake (Score:5, Informative)

    by Artem S. Tashkinov ( 764309 ) on Thursday May 07, 2020 @02:51PM (#60033214) Homepage

    This,

    Microsoft employee Sam Smith replied to Under the Breach's tweet stating that he thought the leak was fake as "Msft has a âoeruleâ that GitHub repos must be public within 30 days."

    completely invalidates this news piece.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      This,

      Microsoft employee Sam Smith replied to Under the Breach's tweet stating that he thought the leak was fake as "Msft has a Ãoeruleà that GitHub repos must be public within 30 days."

      completely invalidates this news piece.

      Not really. The hacker decoded to leak it for free, probably after realizing this policy. After all, if it has to be public in 30 days, they can delay a couple of weeks and boom, the value of his stolen repos goes to nothing.

      Hacker probably thought he had something, then re

  • (overheard at the all-hands meeting)

    We now have a backup...out there

  • Too bad this wasn't the source to Windows or Office or something similar. Seeing bug fixes and new features for Microsoft coming from open source devs would be amusing.

  • ...they then downloaded 500GB of private projects...

    So somebody downloaded a copy of their source code. They're not depriving anybody of it. In fact, they're spreading it around for free & helping Microsoft with their sincere commitment to open source software. What's the big deal?

    • Unclear if you're attempting to be funny or not, but if you're serious, I'll just say that words have meanings and you would do well to look up what stolen means.

      • copyright violation isn't theft.

        • You wouldn't download a car. Right?

        • My earlier reply applies equally to you. Words have meaning. Look up steal. Here's MW https://www.merriam-webster.com/dictionary/steal [merriam-webster.com]

          There can be theft without copyright coming into play at all.

          If you had a personal, private diary and someone illicitly copied the contents and disseminated them, would you just say "fair game, it's just copyright violation?" (ignoring the fact that you almost certainly didn't copyright your journal.)

          • We're not talking about a person private diary.

            Also, you're wrong about your diary, it does have copyright protection, look it up.

            The intention of copyright was to provide a short time for author to get money from his work, but then for thing to pass into common society's cultural heritage.

            But power and money grubbing scum, entertainment cartel parasites, with lawmakers in their pockets extended copyright to absurd amounts of time, and software in common use most certainly should be something that quickly b

  • Oh the ironing (Score:2, Insightful)

    by Trogre ( 513942 )

    Just when they're falling over themselves to convince governments how trustworthy and secure they are and that everyone should put all their shit on their servers.

    Couldn't have happened to a nicer company.

  • Hackers always look for how to tear down anything, it happened to me while watching movies on 123movies [ilearning.me] , my pc stopped working

Slashdot Top Deals

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Close