Hacker Gains Access to Microsoft’s Private GitHub Repository via Microsoft Employee’s Account

private microsoft github repo leaked

A hacker has managed to gain access to Microsoft’s Private GitHub Repository and leaked some data. It is the same guy behind the TokoPedia account breach that was identified last week.

The hacker downloaded private GitHub repositories by accessing it via Microsoft employee’s GitHub account. A couple of days ago, the hacker listed the file for sale on a hacker forum. It is believed that the incident occurred in March this year.

According to Microsoft officials, no sensitive details are leaked. The company does not store any highly confidential details concerning their core products like Microsoft and Office in GitHub, they are hosted internally on the Microsoft servers itself.

Microsoft only hosts open-source files on GitHub. The hacker managed to acquire about 1,200 private repos.

microsoft github repo leaked files
Credit: ZDNet

ZDNet managed to get access to the entire leaked repo files and multiple Microsoft employees have confirmed that the leaked files contain partial projects that were stored in Microsoft’s GitHub account as private repositories.

Microsoft officials also claim that a major portion of the leaked data does not appear to be that of Microsoft’s. They consider it as partially authentic because some files have no affiliation with Microsoft or are open source projects for years which are already made public.

No sensitive information has leaked as of now, Only sensitive data leaked as of now is the API credentials and Access tokens. The company will have to revoke access to every of these leaked credentials. Apart from these no data are leaked.

Microsoft Engineers have fixed the issue and the hacker has lost access to Microsoft’s Private Reposrity, confirmed by the hacker to Under the Breach.

Source: ZDNet

Ajay Varghese
Ajay is an active cybersecurity analyst and helps companies find and fix bugs and vulnerabilities. He is an ardent fan and power Linux user. His area of expertise includes Linux and Cybersecurity side of things.