GitHub, Bitbucket and GitLab open-source projects hacked and held for ransom

Code of around 400 GitHub repositories removed by hackers and held for payment of 0.1 Bitcoin

About 400 repositories hosted on GitHub, Bitbucket and GitLab have been hacked, with the attacker threatening to 'leak' code if the owners don't pay a ransom within ten days.

The attacks broke out last week and have affected users of GitHub, Bitbucket and GitLab, whose code was removed and replaced with the following ransom note:

"To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email at [email protected] with your Git login and a proof of payment.

If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don't receive your payment in the next 10 days, we will make your code public or use them otherwise."

The ransom demand of 0.1 Bitcoin currently amounts to about £430.

It is not known how the accounts were compromised, but a combination of weak and re-used passwords, together with account holders leaving access tokens in place for projects that have not been used for some time, is believed to have contributed.

"However, all the evidence suggests that the hacker has scanned the entire internet for Git config files, extracted credentials, and then used these logins to access and ransom accounts at Git hosting services," suggested ZDNet's Catalin Cimpanu.
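The scan Cimpanu describes rests on one fact: a .git/config that a web server serves up (or that is copied anywhere public) can contain a remote URL of the form https://USER:TOKEN@host/org/repo.git, which is a complete login to the hosting service. The POSIX shell script below is added here as an example and is not part of the article or of any tool it mentions. It is the owner-side check, built on git's own config parser: it tells a real config apart from an error page, lists remote URLs that embed a login (printing the user name and the URL with the login removed), flags credential.helper = store, which keeps logins unencrypted in ~/.git-credentials, and rewrites a leaking remote so the token is no longer on disk. The sample config, the host names, the token and the example-org repository are all constructed.

```shell
#!/bin/sh
# Added example: an owner-side check for the leak the scan relies on, a login
# embedded in a remote URL inside .git/config. Uses git's own config parser.
# The sample files written below are constructed; no real host or token.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
export HOME="$WORK" GIT_CONFIG_NOSYSTEM=1       # ignore any real git config

SAMPLE_CONFIG="$WORK/config"   # what a served .git/config with a token looks like
SAMPLE_HTML="$WORK/notfound"   # an error page a scanner must not mistake for it
printf '%b' \
    '[core]\n\trepositoryformatversion = 0\n\tfilemode = true\n\tbare = false\n' \
    '[remote "origin"]\n\turl = https://deploy-bot:s3cr3t-token-EXAMPLE@github.com/example-org/example-app.git\n' \
    '\tfetch = +refs/heads/*:refs/remotes/origin/*\n' \
    '[remote "mirror"]\n\turl = git@gitlab.com:example-org/example-app.git\n' \
    '\tfetch = +refs/heads/*:refs/remotes/mirror/*\n' \
    '[credential]\n\thelper = store\n' > "$SAMPLE_CONFIG"
printf '<html><body><h1>404 Not Found</h1></body></html>\n' > "$SAMPLE_HTML"

# A real .git/config always carries core.repositoryformatversion, and git
# refuses to parse an HTML page at all, so this separates the two.
is_git_config() {
    git config --file "$1" --get core.repositoryformatversion >/dev/null 2>&1
}

# Print "<key> <user> <url without the login>" for every http(s) remote URL
# that embeds userinfo. scp-style ssh URLs (git@host:org/repo) have no scheme
# and are skipped: there the key lives in ~/.ssh, not in the config file.
leaked_remotes() {
    git config --file "$1" --get-regexp '^remote\..*\.(url|pushurl)$' \
    | awk '$2 ~ "^https?://[^/@]+@" {
               match($2, "^https?://"); scheme = substr($2, 1, RLENGTH)
               rest = substr($2, RLENGTH + 1); at = index(rest, "@")
               split(substr(rest, 1, at - 1), userinfo, ":")
               print $1, userinfo[1], scheme substr(rest, at + 1)
           }'
}

# credential.helper = store keeps logins unencrypted in ~/.git-credentials.
uses_plaintext_store() {
    [ "$(git config --file "$1" --get credential.helper 2>/dev/null || :)" = "store" ]
}

# Fix: rewrite the remote to the login-free URL so the token leaves the disk;
# git then obtains the login from a credential helper or the SSH agent instead.
scrub_remote() {            # scrub_remote FILE KEY URL
    git config --file "$1" "$2" "$3"
}

LEAK_BEFORE=$(leaked_remotes "$SAMPLE_CONFIG")
REDACTED=$(printf '%s\n' "$LEAK_BEFORE" | awk 'NR == 1 { print $3 }')
scrub_remote "$SAMPLE_CONFIG" remote.origin.url "$REDACTED"
LEAK_AFTER=$(leaked_remotes "$SAMPLE_CONFIG")

echo "sample config recognised:   $(is_git_config "$SAMPLE_CONFIG" && echo yes || echo no)"
echo "404 page recognised:        $(is_git_config "$SAMPLE_HTML" && echo yes || echo no)"
echo "leaking remotes before fix: $LEAK_BEFORE"
echo "leaking remotes after fix:  ${LEAK_AFTER:-none}"
echo "plaintext credential store: $(uses_plaintext_store "$SAMPLE_CONFIG" && echo yes || echo no)"
```

Run the same three functions against every clone on a build box or developer machine (and against the body returned when you request /.git/config from your own web hosts) to find the files this kind of scan would find first.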

No payments have been made so far and code can, in some instances, be recovered, added Cimpanu: "Members of the StackExchange Security forum have found that the hacker does not actually delete, but merely alters Git commit headers, meaning code commits can be recovered, in some cases."

There may also be other ways of recovering lost code, and anyone affected has been urged to contact their hosting service for advice before paying any ransom demand.

GitHub is owned by Microsoft - acquired in a $7.5 billion deal struck in June 2018 - while Bitbucket is owned by Atlassian and GitLab is privately held.
