A hacker has been breaking into GitHub accounts, wiping code repositories and then demanding a ransom in exchange for restoring the data.
The attack, which was first reported by ZDNet, has hit at least 392 GitHub repositories and replaced their contents with a ransom note. “To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at firstname.lastname@example.org with your Git login and a Proof of Payment,” reads the note.
The attack started only about a day ago and has also hit repositories on the rival hosting services Bitbucket and GitLab. One victim speculated that the hacker broke into his account by guessing the password.
“My password was a weak one that could’ve been relatively easily cracked via brute-force,” the victim said in a post on Q&A site Stack Exchange. “It is also possible that my email address and that particular password are on a list of leaked accounts.”
So far, Microsoft-owned GitHub hasn’t commented on the hacks. However, a security researcher at Atlassian, which owns Bitbucket, told Motherboard that as many as 1,000 users could have been hit in the attacks.
In a security advisory sent on Friday, Bitbucket said the attacker got into the compromised accounts simply by supplying the correct username and password, not by exploiting a flaw in the service. “We believe that these credentials may have been leaked through another service, as other git hosting services are experiencing a similar attack,” it added. “We have not detected any other compromise of Bitbucket.”
GitLab told PCMag: “We have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository. We strongly encourage the use of password management tools to store passwords in a more secure manner.”
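GitLab’s statement points at a specific failure: Git credentials sitting in plaintext on a deployed host. The script below is an added example written for this article, not code from GitLab, Bitbucket, GitHub or the article’s author. It walks a directory tree and reports two places where git keeps HTTP(S) passwords in the clear: remote URLs in a repository’s `.git/config` that embed `user:password@`, and entries in a `.git-credentials` store (the file `git config credential.helper store` writes). The directory layout, hostnames, usernames, tokens and passwords in the sample data are constructed for the demonstration.

```python
"""Locate plaintext Git credentials left behind in a deployment.

Two places where git keeps HTTP(S) credentials in the clear:
  * remote URLs in a repository's .git/config that embed user:password@
  * a .git-credentials store written by `git config credential.helper store`
Anything found is reported with the password redacted, so the report itself
does not become a second copy of the secret.
"""
import os
import re
import tempfile
from urllib.parse import urlsplit

# `url = <value>` lines in git's INI-style config. Git writes the key indented
# with a tab; the key name is case-insensitive.
URL_LINE = re.compile(r"^\s*url\s*=\s*(\S+)\s*$", re.IGNORECASE | re.MULTILINE)

# Constructed sample inputs: hosts, users, tokens and passwords are made up.
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:hunter2@gitlab.example.com/acme/webapp.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:acme/webapp.git
"""
SAMPLE_STORE = """https://alice:ghp_fakeexampletoken0123@github.com
https://bob:s3cret@bitbucket.org
"""


def urls_in_git_config(text):
    """Return every remote URL declared in a .git/config file."""
    return URL_LINE.findall(text)


def urls_in_credential_store(text):
    """Return every entry of a .git-credentials file (one bare URL per line)."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def embedded_credentials(urls):
    """Return (host, username, redacted_url) for each HTTP(S) URL carrying a password.

    SSH-style remotes such as git@host:org/repo.git have no URL scheme and are
    skipped: they authenticate with a key, not an embedded password.
    """
    found = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.password:
            # Replace only the ":password@" segment so a username equal to the
            # password is not redacted by mistake.
            redacted = url.replace(":" + parts.password + "@", ":***@", 1)
            found.append((parts.hostname, parts.username or "", redacted))
    return found


def _read(path):
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()


def scan_tree(root):
    """Walk `root` and return sorted (path, host, username, redacted_url) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == "config" and os.path.basename(dirpath) == ".git":
                urls = urls_in_git_config(_read(path))
            elif name == ".git-credentials":
                urls = urls_in_credential_store(_read(path))
            else:
                continue
            for host, user, redacted in embedded_credentials(urls):
                findings.append((path, host, user, redacted))
    return sorted(findings)


def demo():
    """Lay the constructed samples out as a fake deployment under a temporary
    directory, scan it, and return findings with paths relative to that root."""
    with tempfile.TemporaryDirectory() as root:
        git_dir = os.path.join(root, "var", "www", "app", ".git")
        os.makedirs(git_dir)
        with open(os.path.join(git_dir, "config"), "w") as f:
            f.write(SAMPLE_CONFIG)
        home = os.path.join(root, "home", "deploy")
        os.makedirs(home)
        with open(os.path.join(home, ".git-credentials"), "w") as f:
            f.write(SAMPLE_STORE)
        return [(os.path.relpath(path, root), host, user, redacted)
                for path, host, user, redacted in scan_tree(root)]


if __name__ == "__main__":
    for path, host, user, redacted in demo():
        print(f"{path}: {user}@{host} -> {redacted}")
```

On a real host you would call `scan_tree` on the web root or the deploy user’s home directory instead of running `demo()`. A hit should be treated as a credential that may already have been harvested, which is exactly the scenario the hosting providers describe above: rotate the password or token at the hosting service first, then remove the file or switch the remote to SSH with a key.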
According to the ransom note, victims have 10 days to pay the 0.1 Bitcoin (about $566) or the hacker will make the stolen code public or use it…