Microsoft's GitHub account reportedly hacked; hacker claims to have stolen 500GB of data




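According to BleepingComputer, in the past couple of days a hacker claimed to have broken into Microsoft's private GitHub repositories and stolen more than 500GB of data from them.
Microsoft has not yet commented publicly on the incident, which does not appear to have affected any of the company's major software products.
After the attack, a hacker going by the name "Shiny Hunters" contacted BleepingComputer and said they had compromised Microsoft's GitHub account and gained full access to its private GitHub repositories.
To prove the intrusion, the attacker also provided the media with a screenshot showing the successful access:
The attacker said that after breaking into Microsoft's private GitHub repositories they downloaded more than 500GB of project code. They initially planned to sell the code, but now intend to release it to everyone for free.
Based on the timestamps of the leaked files, the intrusion appears to have taken place on March 28, 2020. The timestamps shown in the leaked file listing are in the figure below: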

"Shiny Hunters" told BleepingComputer that after the successful intrusion and download of the source code, they never accessed Microsoft's GitHub repositories again.

Microsoft private repository code leaked


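To attract the community's attention, the attacker also posted 1GB of the leaked files on a hacker forum for the site's registered users to access.
Because some of the leaked files contain Chinese text or links referencing latelee.org, some forum users doubt the authenticity of the leaked data.
In the directory listing and other private repository samples the attacker sent to BleepingComputer, most of the stolen data consists of code samples, test projects, an eBook and other generic items.
However, some of the private repositories look more interesting, such as ones named "wssd cloud agent" and "The Rust/WinRT language projection", as well as a PowerShell project called "PowerSweep".
Overall, judging from what the attacker shared, Microsoft does not appear to have much to worry about, because no Windows or Office source code is involved.
In addition, many cyber intelligence firms that saw the leaked data on the hacker forum also believe that Microsoft does not need to be overly concerned about the incident.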

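However, from a security standpoint Microsoft does have cause for concern about the incident, because some developers may, as has happened before, have accidentally left private API keys or other passwords in some of the private repositories.
Microsoft employee Sam Smith responded in a tweet that he personally believes the leak is fake, because Microsoft has a so-called "unwritten rule" that GitHub repositories must be made public within 30 days.
Whether or not the incident is genuine, the general consensus at present is that it has had no impact on Microsoft. If the leak is real, the most pressing question is how the hacker obtained access.
After the incident came to light, BleepingComputer contacted Microsoft to confirm whether the files are legitimate, but has not yet received a reply.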

Microsoft’s GitHub account hacked, private repositories stolen



A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned.
This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.

Actor’s proof of access to Microsoft’s private GitHub repos

The individual told us that they then downloaded 500GB of private projects and initially planned on selling it, but has now decided to leak it for free.
Based on the file stamps in the full directory listing of the leaked files, the breach may have occurred on March 28th, 2020.

Leaked data listing showing the breach date

Shiny Hunters told BleepingComputer that they no longer have access to Microsoft’s GitHub account.

Private repositories leaked


As a teaser, the hacker offered 1GB of files on a hacker forum for registered members to use site ‘credits’ to gain access to the leaked data.
As some of the leaked files contain Chinese text or references to latelee.org, other threat actors on the forum do not feel that the data is real.
Based on the full directory listing of the stolen data and source code from private repositories that was sent to BleepingComputer by the hacker, the stolen files appear to be mostly code samples, test projects, an eBook, and other generic items.
Some private repositories look a bit more interesting, such as ones named ‘wssd cloud agent’, ‘The Rust/WinRT language projection’, and a ‘PowerSweep’ PowerShell project.
Overall, from what was shared, there does not appear to be anything significant for Microsoft to worry about, as it did not contain more sensitive code for software like Windows or Office.
Cyber intelligence firm Under the Breach, who also saw the leak on the hacker forum, shares BleepingComputer’s opinion that there is not much to worry about.
They did express concern that private API keys or passwords could have accidentally been left behind in some of the private repositories, as other developers have done in the past.

Since publishing this story, a Microsoft employee who wished to remain anonymous has told BleepingComputer that the stolen data is legitimate.
Other employees who had previously denounced the leak as fake have since deleted their tweets.
Microsoft has told BleepingComputer that they are “aware of these claims and are investigating.”
Update 5/8/20: Updated to include info that the breach was confirmed as legitimate by MS employee and statement from Microsoft.
