Microsoft GitHub

Summary

A hacking group known as Shiny Hunters stole 500 GB of data from Microsoft's private GitHub repositories. The group, who gained access through a compromised employee account, published some of the stolen projects on a hacking forum that contained various files, directories, and some private Microsoft GitHub projects. Researchers assess that Shiny Hunters gained access to roughly 1,200 private repositories around March 28, 2020, which have since been secured. Though the breach was largely dismissed as insignificant, some images of the directory listing appear to contain source code for Azure, Office, and some Windows runtimes, and concerns have been raised regarding access to private API keys or passwords that may have been mistakenly included in some private repositories. Additionally, Shiny Hunters is flooding dark web marketplaces with breached databases, selling an estimated 73.2 million user records from at least 11 different breached companies just this week. Users are urged to establish strong passwords, unique to each site, and enable multi-factor authentication where available. Further information can be found in the ZDNet article.