The attack has affected 392 different GitHub repositories. The attacker has sent the same ransom note to all account holders. The ransom note reads, “To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment.”
GitHub alternatives like Bitbucket and GitLab have also been affected. These attacks follow a similar pattern. The hacker targeted accounts with either weak passwords or credentials that had been leaked from other services sometime in the past.
According to a security researcher from Atlassian, nearly 1,000 users could have been affected by these attacks. It is unclear if anything of great value has been stolen in these attacks. It is quite possible that the compromised accounts are largely unused projects or self-baked projects.
The ransom note also states that victims have only 10 days to pay the amount. The hacker threatens to release the stolen code if the payment is not made.
In an official statement, GitHub said, “At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures. We are working with the affected users to secure and restore their accounts.”
GitHub, Bitbucket, and GitLab are investigating the nature of the attacks and the stolen data. Users of these services are advised to activate two-factor authentication on their accounts.