Microsoft's GitHub account breached by threat actors Shiny Hunters

The hackers behind a recent attack against Indonesia’s Tokopedia have now targeted Microsoft. According to a report from HackRead, the hacking group, which calls itself “Shiny Hunters” (perhaps a Pokemon reference), gained access to Microsoft’s GitHub account. Shiny Hunters has been in direct contact with HackRead as it is clear that they want full credit for the breach. To prove the veracity of their claims, Shiny Hunters provided the following screenshots to HackRead showing various repositories:

The contents of the Microsoft GitHub account includes roughly 500GB of data that consists of various code samples, projects, eBooks, and much more. HackRead pointed to three particular items that were of particular interest, namely wssd cloud agent, the Rust/WinRT language projection, and PowerSweep (a Powershell-based ping sweeper). There has not been any private information confirmed to exist within the repositories. Shiny Hunters is also confirmed to have published around 1GB of data from the hacked GitHub account to a hacking forum.

Though these screenshots seem legitimate, there were some cybersecurity experts that doubted the claims until analyzing them. Upon analysis, however, the veracity of Shiny Hunters’ claims that they breached Microsoft’s GitHub account were no longer in question. In particular, Under the Breach stated the following in a tweet:

Under the Breach went on to conduct an interview with HackRead in which they said the following:

While for some companies Github serves as a tool to store valuable source code in the form of private repositories, companies as large as Microsoft aren’t likely to do the same as they are self-sufficient and have secured internal systems designed to hold sensitive source codes... That being said, companies often do make mistakes such as leaving keys and passwords in these private repositories, forgetting they aren’t very safe. but Under the Breach contacted Microsoft to make sure they’re aware of the leak and will replace any keys or passwords exposed if there are any, the company explained.

Once contacted by Under the Breach, Microsoft secured their GitHub account. This is confirmed by Shiny Hunters as they report being unable to access any repositories. As GitHub is a Microsoft property, acquired to the tune of $7.5 billion in 2018, this is a PR nightmare. Microsoft’s security capabilities have long been questioned, as have their privacy practices, and this Shiny Hunters breach doesn’t help reduce skepticism. To have the company’s very own account accessed by a fresh face in cybercrime shows they do not have things under control.

GitHub users justifiably have many questions for the company following this, and Microsoft should prepare to deal with them.

Featured Image: GitHub

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Hardware RAID vs. software RAID: Pros and cons for each

RAID is a technique to virtualize independent disks into arrays for improved performance. Should you…

3 days ago

After the plague: What IT will look like in a post-COVID-19 world

COVID-19 has changed everything, but once it disappears, we will not go back to how…

3 days ago

Solved: Outlook defaults to Microsoft 365 version with Exchange server

An Exchange server with a hybrid connection to Microsoft 365 is usually pretty seamless —…

4 days ago

How chatbots are changing the way teams communicate internally

Chatots are primarily thought of as consumer-facing solutions. They bring life to customer interactions by…

4 days ago

Hakbit ransomware campaign targeting specific European countries

The newly uncovered Hakbit ransomware campaign spread via spear-phishing emails may indicate a shift in…

4 days ago

Credential stuffing: Everything you need to know to avoid being a victim

Credential stuffing is yet another weapon being used by cybercriminals. Here’s what credential stuffing is…

5 days ago