Hacker Compromised Microsoft’s Private GitHub Accounts

A small number of Microsoft employees’ GitHub accounts were recently attacked, and some of the firm’s private GitHub repositories were compromised. However, the hacker was not able to gain access to any major apps or compromise any vital system.

The infiltration occurred in March and became known only this week, when the hacker announced he was publishing the details of the hack on a darknet forum.

According to information gathered from some Microsoft employees, a small portion of the stolen files was genuine. But the hackers could not access the source code of any of Microsoft’s core projects, such as Office and Windows.

Cybersecurity firms Under The Breach and Nightlion Security secured copies of the files the hackers leaked on the darknet. The details include a list of all directories and files the hackers stole from the private GitHub repositories of Microsoft. The security firms also received data on some private Microsoft projects.

Microsoft writer Mary Jo Foley spoke to some Microsoft engineers, who wanted to stay anonymous, about the recent compromise of data by hackers.

There is now confirmation that the directories and files on the list released by the hackers actually contain projects stored as private repositories in Microsoft’s GitHub account. Some Microsoft employees also confirmed the authenticity of the leaked data.

The Microsoft engineers who had been arguing that the leak was a hoax retracted their initial comments when the news about the leak spread within the company. Other employees who initially commented that the leak was a scam have since deleted their tweets after more reports about the leak emerged.

Others considered the leak only partially authentic, because a huge part of the directories and files released by the hacker was not related to any project from Microsoft. Some of them have no affiliation with any Microsoft project or with any open-source project that has been active for many years. But it’s still not clear how the hackers were able to get hold of the GitHub repositories.

Reports also revealed that none of the projects stolen by the hackers is even remotely vital or sensitive. The Microsoft GitHub account is used to host private projects that are to be made available in the future under an open-source license. It is also used for sharing and hosting open-source documentation and projects.

Additionally, some Microsoft employees revealed that their private projects, which Microsoft hosted on the GitHub account, were not part of the list the hacker released earlier. That means the hackers were only able to access a small portion of the non-sensitive data stored in the Microsoft account.

However, the only concern about the theft of sensitive data could come from some projects containing API credentials and access tokens, which Microsoft may now have to revoke.

As security firm Under The Breach has reported, Microsoft employees may have discovered the vulnerable employee GitHub account. The security firm got first-hand information from the hacker. It confirmed that the hacker no longer has access to Microsoft’s private GitHub repositories because Microsoft may have discovered and patched the vulnerability.

The hacker responsible for this latest hack was also responsible for the Tokopedia hacking incident reported earlier last week.

The hacker compromised the accounts of 15 million registered users on Tokopedia, the largest online store in Indonesia. He decided to release them on the darknet.

The hacker claimed the hacking incident occurred in March and the hack contained only a small portion of the platform’s user database.

The hacker also revealed that he shared the 15 million user samples hoping that someone could decipher the passwords and use them to access user accounts. From the information provided by the hacker, it appears that the Microsoft private GitHub repos and the Tokopedia user data were compromised within the same period.