GitHub repositories hold some of a company’s most important secrets. These are meant to stay hidden and protected from hackers and other thieves who would like to steal the information in order to resell it.
How safe are those secrets? A year ago, a hacker named Shiny Hunters claimed to have stolen 500GB of data from Microsoft’s GitHub. Here is the story, which shows how important it is for companies to make sure their GitHub is an impregnable fortress.
Data breaches have been a serious issue for companies for a few years now, but one that isn’t talked about much in the open, almost as if the subject were taboo. In fact, many companies have adopted the strategy of crossing their fingers and hoping their secrets stay secret. That is a strange attitude when you know that there are tools today, like GitHub Security Scan, that let you analyze public and private repositories to make sure there are no holes that could lead to potential leaks.
These breaches can cost a lot of money, as hackers then blackmail the company into buying the data back. Even if the company pays, it can never be sure that the hackers won’t sell the information anyway. That is indeed what they do, by bringing it onto the black market. There they can sell it quickly and to a large number of people, causing problems that cannot be solved afterwards.
In May 2020, a hacker called Shiny Hunters claimed to have stolen 500GB of data from Microsoft’s GitHub repository. This intrusion into such a restricted-access location was one of the most significant of all time. His original goal was to sell this information on the black market. But after analyzing the data he had stolen, he changed his mind and made it publicly available, for free. It didn’t take long for the authenticity of the data to be contested. In the end, most agreed that the information most probably did come from Microsoft’s GitHub repository, but was of no importance. Most of it was in Chinese, and it seemed to relate to projects that were never launched by the company.
However, what this story shows is that even giants like Microsoft can be hacked through their GitHub repository. That raises the question: why would any company with information to protect in such a location not use a GitHub scan to make sure that its repository is safe? If that is your case, hopefully this story will have made you change your mind before your GitHub repository gets hacked.