Hackers demanding bitcoin payments for code held hostage from GitHub and GitLab

Hackers are demanding bitcoin payments in exchange for code that they have extracted from GitHub, GitLab, and Bitbucket repositories, through ransom notes that they have left behind for their victims.

Hackers have removed all the source code from the repositories and left in its place a ransom note that demands 0.1 bitcoin, which is equivalent to about $570. The hackers claim to be willing to send proof that they are indeed holding the code hostage, backed up on their own servers.

“If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise,” the hackers wrote to end the ransom note.

There were a total of 392 GitHub repositories that had their commits and code wiped out by an account named gitbackup, which was created seven years ago on January 25, 2012, according to Bleeping Computer. So far, none of the victims have succumbed and paid the ransom to the hackers, which is good as there is no assurance that the code will indeed be returned.

It remains unclear how the hacker or hackers are gaining access to the repositories to wipe out the stored code and leave behind the ransom note. One user received a response from Atlassian, the company behind Bitbucket and the cross-platform free Git client SourceTree, regarding an attempted breach.

“Within the past few hours, we detected and blocked an attempt — from a suspicious IP address — to log in with your Atlassian account. We believe that someone used a list of login details stolen from third-party services in an attempt to access multiple accounts,” Atlassian told the user.

According to investigations by GitHub, in cooperation with the security teams of other affected companies, there was no evidence that the authentication systems of the repositories were compromised. It appears that the account credentials of the victims were acquired by hackers from third-party exposures, which is one of the risks of using a username and password in more than one service.

GitHub recommends that its customers use two-factor authentication, in conjunction with strong passwords, for better protection. However, one victim said that the hackers were still able to gain access even with two-factor authentication enabled, suggesting a vulnerability within GitHub’s systems.

Aaron Mamiit