Cyber Incident Victim: Microsoft

Date:

Mar 2020

Location:

United States of America

Summary

A hacker compromised the organization's GitHub account and downloaded over 500GB of data from its private repositories, including code samples, test projects, an eBook, and repositories such as 'wssd cloud agent' and 'PowerSweep'. The attacker initially intended to sell the data but later leaked portions of it publicly; analysis indicated that the material contained no source code for core products such as Windows or Office. The main concern raised was that secrets such as private API keys or credentials might have been accidentally committed to the repositories and thereby exposed. An anonymous employee confirmed the breach as legitimate, prompting an internal investigation, while the company's public statements acknowledged awareness of the incident.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On March 28, 2020, a hacker using the alias Shiny Hunters breached Microsoft’s GitHub account, gaining full access to its private repositories. The attacker downloaded over 500GB of data from these repositories, initially intending to sell the stolen information before opting to release it publicly at no cost. As evidence of the breach, Shiny Hunters provided BleepingComputer with a full directory listing of the exfiltrated files, which included timestamps pointing to the March 28 intrusion date. The hacker later lost access to Microsoft’s account but promoted the leak by offering 1GB of the stolen data on a hacker forum, requiring registered users to spend site credits to access it. Some forum users questioned the authenticity of the leak due to the presence of Chinese text and references to latelee.org in certain files.

The stolen data consisted primarily of code samples, test projects, an eBook, and other generic material, with no evidence of sensitive Windows or Office source code. Notable repositories included projects named “wssd cloud agent,” “The Rust/WinRT language projection,” and a “PowerSweep” PowerShell utility. Analysts from BleepingComputer and the firm Under the Breach assessed the leak as low-risk for Microsoft, though they noted that the exposure would be greater if private API keys or passwords had been inadvertently committed to the repositories. Following BleepingComputer’s report, an anonymous Microsoft employee confirmed the legitimacy of the breach, prompting other employees who had publicly dismissed the leak as fake to delete their social media posts. Microsoft acknowledged the incident, stating that it was aware of the claims and investigating. The company did not disclose further details about remediation efforts or the scope of internal reviews.

Sources: 1 source (available to members)