- A hacker using the nickname “Shiny Hunters” claims to have stolen 500 GB of valuable source code belonging to Microsoft.
- The person allegedly hacked the company’s GitHub account and downloaded all private repositories.
- The first samples that were leaked to the public aren’t confirming the hacker’s claims.
According to recent reports, an anonymous hacker claims to have taken over the GitHub account of Microsoft, gaining full access to all of the software company’s private repositories, and stealing 500 GB of data in the process. The nickname used by the hacker is “Shiny Hunters,” and he contacted Bleeping Computer him/herself to inform the medium of the security incident. The person provided screenshots to prove the data breach, although this is still not concrete proof of the claims made. “Under the Breach” claimed that the data appears to be real, but an MS employee has called the story bullshit. As he wrote, Microsoft has a policy of making GitHub repositories public within a month, so the person is merely presenting these as the products of a successful hacking attack.
It’s most likely bs. Msft has a “rule” that GitHub repos must be public within 30 days.
— Sam Smith (@samsmithnz) May 6, 2020
More specifically, the data that was presented seems to contain Office, Windows, API, and Azure source code. All in all, this data would be highly valuable, and its leaking would be catastrophic for Microsoft. The hacker only offered a 1 GB teaser of the data, which contains Chinese text and references to “latelee.org,” which reduces the chances of this being real. Bleeping Computer received another sample, containing an ebook, general stuff, code samples, and things that don’t seem to be of any worth. The sample dates from March 28, 2020, which could be the date of the breach, if that ever happened.
Still, the person behind Shiny Hunters states that the breach is real and that he/she was previously planning to sell it. Now, the plan is to leak it online for free to everyone, so I guess this was just a teaser aiming to achieve something in the meantime. We cannot speculate on the reason why the person would opt to delay the leak, but this is only adding further to the scenario that this whole story is made up.
Microsoft, which also happens to be the owner of GitHub since 2018, hasn’t published an official statement on the hacker’s claims yet. Maybe they have approached the hacker and are in the process of negotiating, and perhaps this is what the person was hoping to achieve by leaking “worthless” samples to the public. Whatever the case, we will have to wait and see now as we are bound to see developments in this story soon.