A hacker is wiping Git repositories

John connor
Banned user
Posts: 1492
Joined: 2015-01-21, 05:06

A hacker is wiping Git repositories

Post by John connor » 2019-05-04, 02:44

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What it is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).


https://www.zdnet.com/article/a-hacker- ... -a-ransom/

Walter Dnes
Astronaut
Posts: 633
Joined: 2015-07-30, 20:29
Location: Vaughan, ON, Canada

Heads up: Ongoing attacks against Github

Post by Walter Dnes » 2019-05-04, 07:15

https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/

Hundreds of developers have had had (sic) Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today (May 3), appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What it is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).

I assume that the devs have some form of offsite backup.

There's a right way
There's a wrong way
And then there's my way

adesh
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Re: Heads up: Ongoing attacks against Github

Post by adesh » 2019-05-04, 07:21

UXP and related repositories seem to be up. No issues here!

Duplicate - viewtopic.php?f=4&t=22011

New Tobin Paradigm
Knows the dark side
Posts: 8909
Joined: 2012-10-09, 19:37
Location: Seriphia Galaxy

Re: Heads up: Ongoing attacks against Github

Post by New Tobin Paradigm » 2019-05-04, 08:16

If you read the article, people were scraping webservers for plaintext configuration of otherwise private repositories with passwords. So, that is what this is. Since we don't normally use private repositories and we don't have any where our git credentials would be except on our local systems, we are pretty well in the clear. However, it may be a good idea for you and anyone who has access to your shit to change their passwords.
How far are you prepared to go? How much are you prepared to risk? How many people are you prepared to sacrifice for victory?
Are you willing to die friendless, alone, deserted by everyone? Because that's what may be required of you in the war that is to come.
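
Added example, not part of any post in this thread: a defender-side check for the exposure described in the post above, credentials stored in plaintext inside a repository's Git configuration. It assumes the usual `.git/config` layout; the function name, sample host, user and token are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config file; host, users and token are made up.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-user:EXAMPLE-TOKEN-123@git.example.com/acme/private-app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@git.example.com:acme/private-app.git
[remote "backup"]
\turl = https://ci-bot@git.example.com/acme/private-app.git
"""

SECTION_RE = re.compile(r'^\s*\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]')
KEY_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(.*?)\s*$')
URL_KEYS = {"url", "pushurl"}


def find_embedded_credentials(config_text):
    """Return remote URLs that carry credentials, with the secret part masked."""
    findings = []
    section = None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SECTION_RE.match(line)
        if m:
            section = (m.group(1).lower(), m.group(2))
            continue
        m = KEY_RE.match(line)
        if not m or section is None or section[0] != "remote":
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key not in URL_KEYS:
            continue
        parts = urlsplit(value)
        # Only HTTP(S) remotes can embed a password; scp-style SSH URLs do not.
        if parts.scheme not in ("http", "https") or parts.username is None:
            continue
        hostport = parts.netloc.rpartition("@")[2]
        if parts.password is not None:
            kind, userinfo = "password", f"{parts.username}:***"
        else:
            # Tokens are sometimes placed in the username field, so flag for review.
            kind, userinfo = "username-only", "***"
        findings.append({
            "line": lineno, "remote": section[1], "key": key, "kind": kind,
            "url": f"{parts.scheme}://{userinfo}@{hostport}{parts.path}",
        })
    return findings
```

Any `password` finding means the secret should be rotated and moved out of the remote URL, and the `.git` directory should never be reachable through a web server's document root.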

Isengrim
Board Warrior
Posts: 1323
Joined: 2015-09-08, 22:54
Location: 127.0.0.1

Re: A hacker is wiping Git repositories

Post by Isengrim » 2019-05-04, 10:25

Also check your "authorized access list" or whatever it is on GitHub and clean up any permissions for apps/services you are no longer using.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

Moonchild
Pale Moon guru
Posts: 29257
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: A hacker is wiping Git repositories

Post by Moonchild » 2019-05-04, 12:18

I think the best way is to cycle everything regarding third party access.
Specifically, make sure to remove OAuth apps, revoke all access -- then change your password or update credentials, then re-authorize only those apps you are actively using.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss

RJARRRPCGP
Lunatic
Posts: 391
Joined: 2015-06-22, 19:48
Location: USA (North Springfield, Vermont)

Re: A hacker is wiping Git repositories

Post by RJARRRPCGP » 2019-05-04, 22:34

Speaking of hack attacks, I received a threatening E-mail in the Yahoo spam folder, telling me that it got my password and showed the password that was generated by me! IIRC, by that time, I wasn't even using that password on YouTube and I already had different passwords for others. IIRC, it also tried to get me to click, talking about there being a ransom or malware in general. The ransom part is fake, but the password theft was genuine!

For any web service that still even had that password used, for fear of me being punished for making a request to change the password, for any that I remembered using recently, there were off-the-chart emergency password changes!

I have already changed passwords way after that and the password affected was one I generated in 2008.

I probably started using different passwords in or closer to 2015. And due to fears of a hack attack, before I saw that E-mail, I already had new passwords in 2018.