Hacker demands ransom for restoring deleted Git repositories

Online sources report that hundreds of developers have discovered that code has disappeared from their Git repositories. An unknown hacker threatens to release the code if his ransom demands are not met within a specified timeframe. The attacks were reported on Saturday and appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab). It is still unclear how the attacks were carried out.

The hacker reportedly removes all source code from the repository and leaves a message in its place demanding a ransom of 0.1 bitcoin, which is approximately equal to $570. The hacker also claims that all the code is saved on one of the servers under his control. If the ransom is not received within 10 days, he promises to make the stolen code public.

According to BitcoinAbuse.com, a resource that tracks bitcoin addresses seen in suspicious activity, over the past 27 hours, XNUMX reports have been recorded for the specified address, each of which contained the same text.

Some users who were attacked by the unknown hacker reported that they had used weak passwords for their accounts and had not deleted access tokens for applications they had not used for a long time. Apparently, the hacker scanned the network for Git configuration files, from which user credentials could be extracted.
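A Git configuration file can expose credentials when a remote URL embeds a password or token. The following audit script is an added example, not code from the original report: it scans a directory tree (for instance a deployment directory) for `.git/config` files whose remote URLs carry such secrets. The sample config, host names and the 20-character token heuristic are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample .git/config (not taken from any real repository).
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-bot:EXAMPLE-SECRET-0000@git.example.com/team/app.git
\tpushurl = https://EXAMPLETOKEN0000000000000000@git.example.com/team/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@git.example.com:team/app.git
"""

URL_LINE = re.compile(r"^\s*(url|pushurl)\s*=\s*(\S+)", re.IGNORECASE)
TOKEN_MIN_LEN = 20  # assumption: a user name this long is probably a token

def find_embedded_credentials(config_text):
    """Return (key, host, kind) for each remote URL carrying a secret.

    The secret itself is never returned, so the report is safe to log.
    """
    findings = []
    for line in config_text.splitlines():
        m = URL_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group(2))
        if parts.scheme not in ("http", "https"):
            continue  # scp-style SSH remotes hold no password in the URL
        if parts.password:
            findings.append((m.group(1).lower(), parts.hostname, "password"))
        elif parts.username and len(parts.username) >= TOKEN_MIN_LEN:
            findings.append((m.group(1).lower(), parts.hostname, "possible-token"))
    return findings

def audit_tree(root):
    """Scan every .git/config below root; map file path -> findings."""
    report = {}
    for cfg in Path(root).rglob(".git/config"):
        hits = find_embedded_credentials(cfg.read_text(errors="replace"))
        if hits:
            report[str(cfg)] = hits
    return report

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_CONFIG):
        print(finding)
```

Any credential this reports should be treated as exposed: revoke it at the hosting service and switch the remote to a credential helper or SSH key.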

GitLab security director Kathy Wang confirmed the problem, saying that the investigation into the incident was launched yesterday, when the first user complaint was received. She also said that the hacked accounts had been identified and their owners had already been notified. The work done helped to confirm the assumption that the victims used insufficiently strong passwords. Users are encouraged to use dedicated password management tools as well as two-factor authentication to prevent similar issues from occurring in the future.

Members of the StackExchange forum studied the situation and came to the conclusion that the hacker does not remove all the code, but changes the headers of Git commits. This means that in some cases, users will be able to recover the lost code. Users experiencing this problem are advised to contact service support.

