Report: Microsoft’s GitHub Account Gets Hacked


Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports.

A group that calls itself Shiny Hunters claims it stole and then leaked the data, which did not appear to include any critical or sensitive information. The data was then posted on a hacker forum, according to [multiple reports](<https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/>).

This modus operandi is slightly different from how the Shiny Hunters cybergang has operated in the past. Researchers last week observed Shiny Hunters [stealing log-in data](<https://www.hackread.com/tokopedia-hacked-login-details-sold-on-dark-web/>) for 91 million users of Indonesia’s largest e-commerce platform, Tokopedia, and then selling it on the dark web for $5,000.

In its latest hack, the group provided a [screenshot to reporters](<https://www.hackread.com/hackers-breach-microsoft-github-account-steal-500gb-data/>) at news site Hack Read that showed a list of private files from Microsoft’s open-source developer repository to prove its infiltration of the company’s private account. The list includes files such as Rust for the Windows Runtime and Wssd Cloud Agent.

“This access led them to download approximately 500 GB of data which they planned to sell at first but then later just decided to let it go for free in Robin-Hood style,” according to the report.

One way the hackers did that was to post 1 GB of the data on a hacker forum and allow users to access it through the site’s built-in credits, according to reports. However, the data used Chinese text and other references that suggested it might not actually be from Microsoft.

> 🚨 – Hackers behind [#Indonesia](<https://twitter.com/hashtag/Indonesia?src=hash&ref_src=twsrc%5Etfw>)'s [#Tokopedia](<https://twitter.com/hashtag/Tokopedia?src=hash&ref_src=twsrc%5Etfw>) breach are now claiming to have breached Microsoft's [#GitHub](<https://twitter.com/hashtag/GitHub?src=hash&ref_src=twsrc%5Etfw>) account and stealing 500GB of data. ⚠️
>
> Read: <https://t.co/u1pPfjc2OH> [#Security](<https://twitter.com/hashtag/Security?src=hash&ref_src=twsrc%5Etfw>) [#Breach](<https://twitter.com/hashtag/Breach?src=hash&ref_src=twsrc%5Etfw>) [#Microsoft](<https://twitter.com/hashtag/Microsoft?src=hash&ref_src=twsrc%5Etfw>) [#Hacking](<https://twitter.com/hashtag/Hacking?src=hash&ref_src=twsrc%5Etfw>) [#CyberSecurity](<https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw>)
>
> — HackRead.com (@HackRead) [May 7, 2020](<https://twitter.com/HackRead/status/1258483335929769994?ref_src=twsrc%5Etfw>)

Still, while the leaked data seems to mainly be comprised of code samples, test projects, eBooks, and the like, the breach, which probably happened on March 28, does appear to be legitimate. Under the Breach, a data-breach monitoring firm, [tweeted](<https://twitter.com/HackRead/status/1258483335929769994>) the Hack Read post and told the publication that it was highly likely that Microsoft had been hacked.

Shiny Hunters told Hack Read that they no longer have access to Microsoft’s GitHub account, so the company has time to investigate and inform its users of any consequences of the breach, according to the report. Microsoft has yet to respond to Hack Read’s request for breach confirmation.

GitHub is a popular software development platform that provides hosting for about 40 million developers, who use it for version control of their software.
Microsoft [acquired GitHub](<https://news.microsoft.com/2018/06/04/microsoft-to-acquire-github-for-7-5-billion/>) for $7.5 billion in October 2018.

The platform is no stranger to cyber-attacks, and has previously experienced some notable data breaches that affected developer repositories. In 2016, threat actors [used credentials](<https://threatpost.com/breached-credentials-used-to-access-github-repositories/118746/>) that had been compromised in other breaches to try to access developer repositories, forcing a password reset of those accounts, researchers said. The next year, owners of GitHub repositories were the target of [a phishing campaign](<https://threatpost.com/github-repository-owners-targeted-by-data-stealing-malware/124656/>) spreading the Dimnie malware, which can steal data through keyloggers and modules that take screenshots, according to researchers.