Hundreds of Git Code Accounts are Hacked for Ransom

Git Coders Face Ransom

If you are a coder working in a team, then the chances are that all your work and data are stored within some form of Git repository. This allows all users to access the ‘source’ data to ensure (in very basic terms) that everyone working on it is singing from the same hymn sheet.

As such, losing the data or even access to it can represent a very significant loss in time. Well, that and also (perhaps more significantly) money and development.

In a report via The Verge, however, various people are waking up to that potential reality as a hacker has been able to obtain details for hundreds of accounts with code stored on various Git repository websites.

How Did This Happen?

The hacker reportedly obtained the passwords by simply doing a bit of research and internet ‘leg work’: searching online for configuration files in which, apparently, many users had left their access passwords in (practically) plain sight.

With all of the data removed from the repositories, those logging in to start work will instead find the following message:

“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.”

With 0.1BTC currently trading at about $550-$580, while it isn’t a crazy amount of money, it still represents a fairly significant sum.

Who Has Been Affected?

Users from GitHub, Bitbucket, and GitLab have all been confirmed as having been targeted by this hacker. While GitHub has acknowledged the attack, they do of course (and quite rightly) absolve themselves of any blame. They didn’t, after all, make the passwords so easily available. The coders themselves did. As such, the hacker didn’t strictly ‘hack’ anything. They just found information that was freely available with just a little digging.

As such, while they sympathise with the situation, their best recommendation is for all users to, firstly, not put their passwords into any written format and, secondly, activate two-factor authentication.
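As a defensive check on the first recommendation, the sketch below audits a Git configuration file for credentials stored inside remote URLs. It is an added example, not code from the report or from any of the Git hosts, and it assumes the exposed "configuration files" were Git config files with credentials embedded in `url`/`pushurl` settings (the article does not name the format); the sample config, host and tokens are constructed.

```python
import re
import sys
from urllib.parse import urlsplit

# Constructed sample of a Git config file; host, user and tokens are made up.
SAMPLE_GIT_CONFIG = """\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://builduser:EXAMPLE-PASSWORD@git.example.com/team/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "ci"]
    url = git@git.example.com:team/app.git
    pushurl = https://EXAMPLE-TOKEN@git.example.com/team/app.git
[remote "upstream"]
    url = https://git.example.com/team/app.git
"""

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
URL_SETTING = re.compile(r"^\s*(url|pushurl)\s*=\s*(\S+)", re.IGNORECASE)


def find_embedded_credentials(config_text):
    """Return (section, key, kind, redacted_url) for URLs that carry secrets."""
    findings = []
    section = None
    for line in config_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        setting = URL_SETTING.match(line)
        if not setting:
            continue
        key, url = setting.group(1).lower(), setting.group(2)
        parts = urlsplit(url)
        if parts.password:
            # user:password@host form: the password is stored in clear text.
            redacted = url.replace(":" + parts.password + "@", ":***@", 1)
            findings.append((section, key, "password", redacted))
        elif parts.username and parts.scheme in ("http", "https"):
            # Bare userinfo on an HTTP(S) remote is often an access token.
            redacted = url.replace("//" + parts.username + "@", "//***@", 1)
            findings.append((section, key, "userinfo-only", redacted))
    return findings


if __name__ == "__main__":
    # Pass a path such as .git/config to audit a real file; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GIT_CONFIG
    for section, key, kind, url in find_embedded_credentials(text):
        print(f"[{section}] {key}: {kind} in {url}")
```

Any remote it flags should be rewritten without the secret and the exposed password or token rotated, since removing it from the file does not invalidate copies already fetched.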

What do you think? Do you know anyone who has been affected by this? Do you use two-factor authentication? – Let us know in the comments!

Mike Sanders
