Apparently, the hacker has been able to access data of private repositories, and post them of various forums.
Microsoft's GitHub repository had an access breach a few weeks back, which allowed the hacker to steal data up to 500GB mostly comprising of private projects from different users/firms. The incident was initially downplayed by Microsoft but according to ZDNet report, those sentiments were retracted by the company after it was observed that a Microsoft employee's GitHub account was hacked.
By taking control of the person's account, the hacker was looking to get hold of source code for important Microsoft projects like Windows and MS Office but the report says he didn't cause serious damage to the company’s' repository with his actions. However, he is likely to have got control of over 1,200 private repositories, and only after he decided to share the updates of the project on hacker forums, things became clear to the company.
Strangely, the hacker who goes by the name Shiny Hunters, reached out to publication called BleepingComputer earlier this month and told them about getting access to data of up to 500GB from Microsoft's GitHub repository. The confirmation of this incident was mentioned by a Microsoft spokesperson, quoted in the ZDNet report, but the company didn't share the exact details about the hack, and what kind of data is part of the supposed 500GB, the hacker has been able to access by taking control of that person's account.
Microsoft bought GitHub earlier this year, and the repository is mostly known for its popularity amongst those who've religiously followed open source as their standard of developing products. But this incident is likely to concern the open source community who've relied on GitHub for building a host of developer tools that have eventually been the stepping stone for various products over the years. Even right now many organisations are using GitHub to build their base for contact tracing apps that will be available for the public to scrutinise and inspect.
You might like this