A hacker is wiping Git repositories


F22 Simpilot
Lunatic
Posts: 319
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

A hacker is wiping Git repositories

Unread post by F22 Simpilot » 2019-05-04, 02:44

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).


https://www.zdnet.com/article/a-hacker- ... -a-ransom/
If you're that smart and act like a dork, then you're not that smart after all. :geek:

Walter Dnes
Astronaut
Posts: 607
Joined: 2015-07-30, 20:29
Location: Vaughan, ON, Canada

Heads up: Ongoing attacks against Github

Unread post by Walter Dnes » 2019-05-04, 07:15

https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/
Hundreds of developers have had had (sic) Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today (May 3), appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).
I assume that the devs have some form of offsite backup.
There's a right way
There's a wrong way
And then there's my way

adesh
Astronaut
Posts: 716
Joined: 2017-06-06, 07:38

Re: Heads up: Ongoing attacks against Github

Unread post by adesh » 2019-05-04, 07:21

UXP and related repositories seem to be up. No issues here!

Duplicate - viewtopic.php?f=4&t=22011

New Tobin Paradigm
Off-Topic Sheriff
Posts: 5871
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Heads up: Ongoing attacks against Github

Unread post by New Tobin Paradigm » 2019-05-04, 08:16

If you read the article, people were scraping webservers for plaintext configuration of otherwise private repositories with passwords. So, that is what this is. Since we don't normally use private repositories and we don't have any where our git credentials would be except on our local systems, we are pretty well in the clear. However, it may be a good idea for you and anyone who has access to your shit to change their passwords.
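
An added example, not part of the original post: a local audit for the exposure described above, finding `.git/config` files whose remote URLs carry a password or token in plaintext. The function names, the sample config and the `git.example.com` host are constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

REMOTE = re.compile(r'^\s*\[remote\s+"([^"]+)"\]\s*$')
SECTION = re.compile(r'^\s*\[')
URL = re.compile(r'^\s*url\s*=\s*(\S+)', re.IGNORECASE)

def remotes_with_credentials(config_text):
    """Return [(remote, redacted_url)] for remotes whose URL embeds a secret."""
    hits, remote = [], None
    for line in config_text.splitlines():
        header = REMOTE.match(line)
        if header:
            remote = header.group(1)
        elif SECTION.match(line):
            remote = None              # left the [remote ...] section
        elif remote and URL.match(line):
            parts = urlsplit(URL.match(line).group(1))
            # user:password@host, or a bare token used as the HTTP(S) username
            if parts.password or (parts.scheme in ("http", "https") and parts.username):
                host = parts.netloc.rsplit("@", 1)[1]
                hits.append((remote, f"{parts.scheme}://***@{host}{parts.path}"))
    return hits

def scan_tree(root):
    """Walk root; report (config path, remote, redacted URL) for each finding."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git" and "config" in filenames:
            dirnames[:] = []           # skip objects/, refs/, hooks/
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for remote, url in remotes_with_credentials(fh.read()):
                    findings.append((os.path.relpath(path, root), remote, url))
    return findings

# Constructed sample config (not taken from any real repository).
SAMPLE = (
    '[core]\n\tbare = false\n'
    '[remote "origin"]\n\turl = https://deploy:s3cret@git.example.com/team/app.git\n'
    '[remote "mirror"]\n\turl = git@git.example.com:team/app.git\n'
)

if __name__ == "__main__":
    print(remotes_with_credentials(SAMPLE))
    for finding in scan_tree("."):     # "." stands in for a web root or home dir
        print(finding)
```

Any hit under a directory served by a web server means the credential should be treated as exposed and rotated, since the config file may be readable over HTTP.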

Isengrim
Keeps coming back
Posts: 967
Joined: 2015-09-08, 22:54
Location: 127.0.0.1

Re: A hacker is wiping Git repositories

Unread post by Isengrim » 2019-05-04, 10:25

Also check your "authorized access list" or whatever it is on GitHub and clean up any permissions for apps/services you are no longer using.
Linux Mint 19.2 Cinnamon (64-bit), Windows 7 (64-bit), Windows 10 build 1803 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

Moonchild
Pale Moon guru
Posts: 24451
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: A hacker is wiping Git repositories

Unread post by Moonchild » 2019-05-04, 12:18

I think the best way is to cycle everything regarding third party access.
Specifically, make sure to remove OAuth apps, revoke all access -- then change your password or update credentials, then re-authorize only those apps you are actively using.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

RJARRRPCGP
Lunatic
Posts: 267
Joined: 2015-06-22, 19:48
Location: USA (North Springfield, Vermont)

Re: A hacker is wiping Git repositories

Unread post by RJARRRPCGP » 2019-05-04, 22:34

Speaking of hack attacks, I received a threatening E-mail in the Yahoo spam folder, telling me that it got my password and showed the password that was generated by me! IIRC, by that time, I wasn't even using that password on YouTube and I already had different passwords for others. IIRC, it also tried to get me to click, talking about there being a ransom or malware in general. The ransom part is fake, but the password theft was genuine!

For any web service that still even had that password used, for fear of me being punished for making a request to change the password, for any that I remembered using recently, there were off-the-chart emergency password changes!

I have already changed passwords way after that and the password affected was one I generated in 2008.

I probably started using different passwords in or closer to 2015. And due to fears of a hack attack, before I saw that E-mail, I already had new passwords in 2018.
