A hacker claims that they have stolen 500 GB of data from GitHub, a subsidiary of Microsoft. The hacker goes by the name of Shiny Hunters, who claims to have full access to the private repositories.
What is happening:
Initially, the individual planned on selling the 500 GB of downloaded private projects but later decided to leak them free of cost. However, it seems that the breach may have occurred on 28th March 2020. Shiny Hunters claimed that they have no access to the account anymore.
A wider view:
- The hacker offered 1 GB of files on a hacker forum, as a teaser. However, other threat actors have refused to find the data credible.
- There is no Office or Windows source code, and thus, Microsoft has nothing to worry about.
- The stolen data mostly seems to be generic items, including code samples and test projects.
What the experts are saying:
A Microsoft employee has stated that the hacker is only presenting the samples as a product of successful hacking since GitHub’s policy is to make repositories public within a month.
There is no explanation as to why the hacker decided on delaying the leak. Nonetheless, it adds up to the suspicion that the scenario is made up.
Microsoft has not released any official statement about the breach.
Under the Breach, a cyber firm, has expressed concern about APIs or private keys been left behind accidentally in the repositories, since they can be used to sign malware. However, this is a developing story.