A hacker who has stolen several Git repositories from users is threatening to release their code to the public unless they pay a ransom of 0.1 in bitcoin, which is close to $565.
In a note, the hackers said that anyone who had their code stolen had 10 days to pay the ransom or it would be leaked. People using Github, Bitbucket, and Gitlab were all impacted.
Below is a copy of the note, according to The Verge:
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at email@example.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.”
According to ZDNet, 392 Github repositories have been hit so far, but the bitcoin account where the ransom funds are being directed to is still empty. If your account has been hacked and you don’t want to pay the ransom, contacting customer support for whatever service you’re using could be helpful. Companies always try to find solutions when their security has been compromised.
The big lesson here for coders who have their repositories on platforms like Github is to not store your information in plain text. The hacker gained access to the code by scouring the internet for Git config files, then taking the credentials that were in plain text to gain access.
Storing passwords in plain text is something security experts have cautioned against for years. Just a few months ago, Krebs on security made it known that Facebook stored millions of user passwords in plain text, making them vulnerable to the efforts of hackers.
As hackers and their methods become sophisticated, people need to be overly cautious about where and how they store their personal information.