This weekend, another shocking news started doing rounds. Git Repositories hacked- the distributed version control for open source software was hacked. It includes GitHub, GitLab & Bitbucket as its extended channels. According to GitHub search, as many as 392 user accounts have been hacked. Further, the malefactor has deleted the programmer’s source codes and version histories and replaced it.
Ransom Message by Hacker
Late Friday, many programmers saw their “commits” section erased and replaced by a hacker created ransom message. In which the hacker asked for a sum of 0.1 Bitcoin (BTC), roughly about $250 deposited to their Bitcoin address in a span of 10 days. Or to contact him on his email “admin@gitsbackup.com”.
In that same message the hacker further threatened that if he has not received the payment within 10 days, he will go on to make the source codes public or exploit them at will.
In spite of this, no programmer has shown the will to pay the hackers except one who paid a meager amount of 0.00052525 BTS, which roughly converts to $3.
Git Repositories Hacked- Detailed Report
It is still unclear as to why this exploit happened, but the conjecture is that hackers must have exploited the free SourceTree git platform. For the users who were using multiple git repositories are only the ones that are being targeted.
An official update on this case came from Kathy Wang, Director of Security at GitLab. She confirmed the issue and assured that the investigation has already begun at GitLab. She, further, said that the affected users have been identified and notified. Regarding the hack, she referred to the investigation that there are proofs of the compromised accounts having their passwords stored in public permitted files.
Also, Only those repos were affected which were hosted across a number of platforms, from GitHub and GitLab to Bitbucket. Hence, it is extremely probable that the malware is targeting loose security structure rather than a particular vulnerability.
Git Repositories Hacked- What to do?
The serious concern here is that the hacker might make the codes public or can exploit them at his will.
Following are the things that you need to take care of right now:
- Clearly, making sure that you are not storing your passwords in your public configuration files will help you remain immune to most of the attacks on the web.
- Also, ensure you are using multi-factor authentication for your repositories.
In a nutshell, being vigilant is the answer. Overlooking even a small security measure can result in an awful hack that you could have avoided.