GitHub, a meeting place for software developers, was compromised and the security of more than 300 accounts/code repositories breached by a hacker.
However, they did not leave without trace seeing they left a Bitcoin note for the affected accounts.
The note read, in part:
“Send us 0.1 Bitcoin (BTC) to our Bitcoin address… and contact us by Email at admin[at]gitsbackup.com with your Git login and proof of Payment. If you are unsure if we have your data, contact us, and we will send you a proof. Your code is downloaded and backed up on our servers.”
According to the hacker’s demands, failure to send the ransom within ten days permits them to either use the code as they please or publish it on public forums. At the time of writing, 0.1 BTC was worth roughly $560.
The Bitcoin address left behind by the hacker has been used more than 25 times since the code repositories were hacked. Some of those whose accounts were compromised have admitted they have themselves to blame for using weak login details.
Fortunately, all is not lost. Reports have emerged that the hackers did not actually delete the files. Instead, they changed the “Git commit headers, meaning code can be recovered” although not in all the cases.
Since the hack, those affected have been urged to “PLEASE get in touch with Git[hub, lab]/ Bitbucket support before considering paying the ransom…there’s a good chance their support can help fix this.”
Although ransom can be viewed as the best resort in getting their code back, there is no guarantee that the hackers will honor their end of the deal. Information from GitHub indicates that the login credentials may have been siphoned from third-party services that the affected account holders have used in the past.