Pale Moon forum

Hundreds of developers have had had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What it is known is that the hacker removes all source code and recent commits from vitcims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).

https://www.zdnet.com/article/a-hacker- ... -a-ransom/

https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/

Hundreds of developers have had had (sic) Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today (May 3), appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What it is known is that the hacker removes all source code and recent commits from vitcims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).

I assume that the devs have some form of offsite backup.

UXP and related repositories seem to be up. No issues here!

Duplicate - viewtopic.php?f=4&t=22011

If you read the article people were scraping webservers for plaintext configuration of otherwise private repositories with passwords. So, that is what this is.. Since we don't normally use private repositories and we don't have any where our git credentials would be except on our local systems.. We are pretty well in the clear. However, it may be a good idea for you and anyone who has access to your shit to change their passwords.

Also check your "authorized access list" or whatever it is on GitHub and clean up any permissions for apps/services you are no longer using.

I think the best way is to cycle everything regarding third party access.
Specifically, make sure to remove OAuth apps, revoke all access -- then change your password or update credentials, then re-authorize only those apps you are actively using.

Speaking of hack attacks, I received a threatening E-mail in the Yahoo spam folder, telling me that it got my password and showed the password that was generated by me! IIRC, by that time, I wasn't even using that password on YouTube and I already had different passwords for others. IIRC, it also tried to get me to click, talking about there being a ransom or malware in general. The ransom part is fake, but the password theft was genuine!

For any web service that still even had that password used, for fear of me being punished for making a request to change the password, for any that I remembered using recently, there were off-the-chart emergency password changes!

I have already changed passwords way after that and the password affected was one I generated in 2008.

I probably started using different passwords in or closer to 2015. And due to fears of a hack attack, before I saw that E-mail, I already had new passwords in 2018.