An unknown hacker claims to have theft 500GB worth of data from not just any organization, from Microsoft’s GitHub Repository. Microsoft itself is such a huge name that seems impossible to trust the authenticity of the leak yet the hacker offered 1GB of data of a hacker forum. The hackers on the Bleeping Computer Portal have doubted it ever since.
As a teaser, the unknown offers 1 GB of data on a hacker forum, but hackers doubt the authenticity of the leak.
Unknown said he was able to steal 500 GB of data from Microsoft’s closed GitHub repository. Judging by the timestamps in the files he published, the alleged hack could have occurred on March 28, 2020.
On Wednesday evening, May 6, someone identified as Shiny Hunters contacted the Bleeping Computer portal and announced that they had hacked a Microsoft-owned GitHub account. According to Hunters, he stole 500 GB of private projects from the company’s repository with the intention of selling them, but then changed his mind and decided to publish for free.
As a teaser, Hunters offers 1 GB of data on one of the hacker forums for registered users. However, forum participants doubt the authenticity of the leak. For example, some “leaked” files contain Chinese text, links to latelee.org or Chinese text, which is very suspicious.
Some catalogue files and sample repositories provided by the hacker to the Bleeping Computer portal mainly contain code samples, test projects, eBooks, and other general data. Other repositories are more interesting, for example, “WSSD cloud agent”, “The Rust / WinRT language projection” and “Power-Sweep PowerShell”. Nevertheless, apparently, nothing serious has flowed, and Microsoft has nothing to worry about.
According to experts of the information security company Under the Breach, a “leak” will not have any special consequences for the company. True, they expressed concern about the possible compromise of API keys and passwords left by developers in projects, as happened before. In a commentary on an Under the Breach tweet, Microsoft employee Sam Smith said the leak was likely a fake, as the company made it a rule to open all its repositories within 30 days.