Hacker Breaks Into Multiple Open-Source Platforms, Demanding Bitcoin Ransom for Return of Data

Hackers have broken into user accounts, exchanges, and more, but one seems more interested in stealing the code stored on other platforms. Demanding ransom for the return of the accounts, how successful has this hacker been?

  • GitHub, Bitbucket, and GitLab speak on recent attacks on user repositories.
  • Hacker has yet to fill crypto wallet with demanded ransom payments.

GitHub is a platform for open-source code that many developers use to test out protocols and adapt them to their own uses. However, one hacker has started breaking into various accounts on the platform. Rather than using the code, the hacker is going through these accounts and deleting the code repositories, then demanding a ransom to give the information back.

ZDNet first discovered the attack, which has reached just under 400 repositories, leaving behind the following ransom note:

“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment.”

Even though 392 repositories have been affected, the attack only started yesterday, and it has also hit Bitbucket and GitLab accounts. According to one victim, the hacker got into their account just by guessing the password that they protected their content with. The victim admitted that the password was “weak” and that “brute force” would have been enough to crack it, as he wrote on Stack Exchange.

A security researcher at Atlassian, the company that owns Bitbucket, stated that up to 1,000 users may have been impacted by these attacks. Issuing a security advisory to users, Bitbucket stated that the hacker submitted the correct usernames and corresponding passwords to legitimately sign in. However, the platform theorizes that the information was leaked, considering how many other platforms have been impacted as well. At this point, Bitbucket confirmed that they have not found “any other compromise” of the platform.

The security director of GitLab, Kathy Wang, spoke with PCMag about the matter, saying that they have discovered “strong evidence” that all of these passwords have been recorded in “plaintext on a deployment of a related repository.” Wang added that users should consider storing their passwords “in a more secure manner.” In an email, Wang noted that the issues are still being evaluated, but the platform:

“found evidence the ‘update' scripts in some of the affected repositories hard-coded credentials in an insecure location in the deployed application.”
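As an added illustration (not code from GitLab, Bitbucket or anyone quoted in this article), the Python example below shows one way to check a deployed application for the kind of plaintext Git credentials Wang describes. It assumes the credentials sit inside HTTPS remote URLs; the file names, the token-length threshold and all sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# Hosts named in the article; add self-hosted instances as needed.
GIT_HOSTS = ("github.com", "gitlab.com", "bitbucket.org")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
TOKEN_MIN_LEN = 20  # assumption: a lone userinfo this long is a token, not a username


def find_embedded_credentials(path, text):
    """Report Git-host URLs whose userinfo part carries a password or token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            try:
                parts = urlsplit(match.group(0))
            except ValueError:  # malformed URL, nothing to inspect
                continue
            host = (parts.hostname or "").lower()
            if not any(host == h or host.endswith("." + h) for h in GIT_HOSTS):
                continue
            user = parts.username or ""
            if parts.password:
                kind = "password"
            elif len(user) >= TOKEN_MIN_LEN:
                kind, user = "token", ""  # the userinfo is the secret itself
            else:
                continue
            # Never echo the secret; the location is enough to fix it.
            findings.append({"path": path, "line": lineno, "host": host,
                             "user": user, "kind": kind})
    return findings


def scan_files(files):
    """Scan a {path: text} mapping, e.g. the files of a deployed application."""
    return [f for path, text in sorted(files.items())
            for f in find_embedded_credentials(path, text)]


# Constructed sample of a deployed application (all values are made up).
SAMPLE_FILES = {
    "app/update.sh": "#!/bin/sh\ncd /var/www/app\n"
                     "git pull https://deploy:CONSTRUCTED-PASSWORD@gitlab.com/example/app.git\n",
    "app/.git/config": '[remote "origin"]\n'
                       "\turl = https://CONSTRUCTEDTOKEN0123456789@github.com/example/app.git\n",
    "app/README.md": "git clone https://bitbucket.org/example/app.git\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(finding)
```

Any credential this check finds should be rotated, not just deleted from the file, since it may already have been read.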

The ransom note says that the victim only has 10 days to come up with the 0.1 BTC, presently worth about $566, or the stolen code will be publicized. There is also a chance that the hacker will keep the code for their own purposes. However, the Bitcoin address presently has no funds.

Though there are some major threats included here, it does not look like the hacker has done what they claim at all, or at least no victims appear to have paid up. One victim said that they accessed “a commit’s hash” to retrieve their code. In an article with PCMag, the following link is provided to explain that process: https://security.stackexchange.com/questions/209448/gitlab-account-hacked-and-repo-wiped.

In the next 24 hours, Bitbucket users should see their repositories restored. In the process, user passwords are being automatically reset, and two-factor authentication is being enforced. Users of the GitLab platform should already have access to the platform to recover data.

At this point, GitHub has not released any statement on these hacks.

Krystle M
Krystle is an American cryptocurrency blogger that wants to see the future of crypto and blockchain technology evolve. She has been writing about cryptocurrency for about a year, with a special interest in blockchain technology and regulatory measures around the world. While away from writing and learning about the changes in the cryptocurrency industry, she likes to indulge in science fiction novels and further her experience in playing both guitar and piano.

[Alert] Use the author's self-conducted information at your own risk, do your own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses.
