Git Attack Hit Weak Credentials
May 14, 2019 / Dan Meyer
The Git community is working to triage an apparent ransomware attack that hit user accounts on GitHub, GitLab, and Atlassian Bitbucket. The attack was initially discovered on May 2. Reports suggested that the attack targeted accounts with weak passwords. According to a blog post released today by the three organizations, the attacker used automated means to take over repositories linked to those accounts. The attacker appeared to have removed the contents of the repositories and left a message stating that the content would be returned if the account holder paid a 0.1 Bitcoin ransom.

The organizations noted that the attacker accessed the compromised accounts using legitimate credentials that were either weak or gleaned through a third-party platform. One of those third-party systems was also found to be host to the attack, and the git repository providers were able to lock it down, though ongoing scans found that account compromises were continuing up to May 10.