Background
Member Login
menu

Microsoft’s GitHub Account Got Hacked, With Private Repositories Stolen

11/05/2020

A hacking group called The Shiny Hunters managed to hack into Microsoft's GitHub account by taking over a Microsoft employee's credential.

Doing so, the hacker group also got access to some of the company’s “private” repositories on GitHub.

While some Microsoft engineers initially downplayed the incident by calling it “a scam”, they later retracted their comments after some employees confirmed its partial authenticity.

This was after knowing that the leaked data included files from Rust for the Windows Runtime and WSSD Cloud Agent.

The hacker is believed to have access 1,200 private Microsoft repositories, with the hacker then leaking some of the stolen project public on hacking forums.

Fortunately for Microsoft, it appeared that the hacker didn't have access to the source code of any of the company's significant projects, like Windows and Office, that according to a report based on what several Microsoft employees said. The leaked projects also didn't have any critical or sensitive information.

Screenshot provided by the hacker showing access to Microsoft’s account
Screenshot provided by the hacker showing access to Microsoft’s account.
"This access led them to download approximately 500 GB of data which they planned to sell at first rebut then later just decided to let it go for free in Robin-Hood style."

It didn't take long until Microsoft stepped in, and blocked the hacker's access to its GitHub account.

This was confirmed by Shiny Hunter.

While reports reported that the hack was real, some of the data was said to have some Chinese text and other references that suggested that it might not actually be from Microsoft after all.

Furthermore, it was said that the leaked data mainly consisted of code samples, test projects, some e-books and the likes. Some came to the conclusion that the hack which probably happened on March 28, may not be legitimate.

But still, GitHub as the most popular software development platform with more than 40 million developers as users, is no stranger to hack or DDoS attempts.

It was only back in 2018 that Microsoft acquired GitHub.

At the time, many people questioned what Microsoft the tech giant would do to the famous open-source community website. Many wondered how GitHub would be affected, with many developers started concerning the future of GitHub.

Fortunately, Microsoft did nothing to GitHub other than improving it in with a well-executed strategy.

This simply answered everyone's concerns.

In this hacking case, the hacker group is said to be the same culprit behind the leaked 15 million records from Tokopedia, Indonesia’s largest e-commerce platform.

A Microsoft spokesperson said that the company is investigating the incident, but without detailing much.