Hundreds of Git Code Accounts are Hacked for Ransom




/ 2 weeks ago

Git Coders Face Ransom

If you are a coder working in a team, then the chances are that all your work and data is stored within some form of Git repository. This allows all users to access the ‘source‘ data to ensure (in very basic terms) that everyone working on it is singing from the same hymn sheet.

As such, losing the data or even access to it can represent a very significant loss in time. Well, that and also (perhaps more significantly) money and development.

In a report via The Verge, however, various people are waking up to that potential reality as a hacker has been able to obtain details for hundreds of accounts with code stored on various Git repository websites.

password

How Did This Happen?

The hacker reportedly obtained the passwords by simply doing a bit of research and internet ‘leg work’. By searching online for the configuration files, apparently many users left the access passwords in (practically) plain sight.

Removing all of the data from the repositories, those logging in to start work will instead find the following message:

“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.”

With 0.1BTC currently trading at about $550-$580, while it isn’t a crazy amount of money, it still represents a fairly significant sum.

github

Who Has Been Affected?

Users from GitHub, Bitbucket, and GitLab have all been confirmed as having been targeted by this hacker. While GitHub has acknowledged the attack, they do of course (and quite rightly) absolve themselves of any blame. They didn’t, after all, make the passwords so easily available. The coders themselves did. As such, the hacker didn’t strictly ‘hack’ anything. They just found information that was freely available with just a little digging.

As such, while they sympathise with the situation, their best recommendation is for all users to firstly not put their passwords into any written format and secondly to activate the two-factor authentication.

What do you think? Do you know anyone who has been affected by this? Do you use two-factor authentication? – Let us know in the comments!

Topics: , , , , , , ,


Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!