Skip to main content
  1. Home
  2. Computing
  3. News

Hackers demanding bitcoin payments for code held hostage from GitHub and GitLab

By

Hackers are demanding bitcoin payments in exchange for code that they have extracted from GitHub, GitLab, and Bitbucket repositories, through ransom notes that they have left behind for their victims.

Hackers have removed all the source code from the repositories, and in exchange is a ransom note that demands 0.1 bitcoin, which is equivalent to about $570. The hackers claim to be willing to send proof that they are indeed holding the code hostage, backed up on their own servers.

Recommended Videos

“If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise,” the hackers wrote to end the ransom note.

There were a total of 392 GitHub repositories that had their commits and code wiped out by an account named gitbackup, which was created seven years ago on January 25, 2012, according to Bleeping Computer. So far, none of the victims have succumbed and paid the ransom to the hackers, which is good as there is no assurance that the code will indeed be returned.

It remains unclear how the hacker or hackers are gaining access to the repositories to be able to wipe out the stored codes and leave behind the ransom note. One user received a response from Atlassian, the company behind Bitbucket and the cross-platform free Git client SourceTree, regarding an attempted breach.

“Within the past few hours, we detected and blocked an attempt — from a suspicious IP address — to log in with your Atlassian account. We believe that someone used a list of login details stolen from third-party services in an attempt to access multiple accounts,” Atlassian told the user.

According to investigations by GitHub, in cooperation with the security teams of other affected companies, there was no evidence that the authentication systems of the repositories were compromised. It appears that the account credentials of the victims were acquired by hackers from third-party exposures, which is one of the risks of using a username and password in more than one service.

GitHub recommends its customers to use two-factor authentication, in conjunction with strong passwords, for better protection. However, one victim said that the hackers were still able to gain access even with two-factor authentication enabled, suggesting a vulnerability within GitHub’s systems.

Editors’ Recommendations

Topics
Aaron Mamiit
Aaron Mamiit
Contributor
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
The best VR headsets for 2024
Fionna Ahomuoh using the Meta Quest 3 VR headset.

Virtual reality is finally crossing a threshold when everyone should be taking a closer look. As the number of VR headsets increases, getting the best one is important so you can truly appreciate what's possible. The challenge is finding the system that's right for you at a price you feel comfortable with.

Meta, HTC Vive, Sony, and Pimax stand out as the most popular and most active virtual reality brands. There's little doubt the $3,500 Apple Vision Pro is an impressive mixed-reality headset. However, there are plenty of other XR and VR headsets that are much more affordable than the Vision Pro and deliver a great, immersive experience for gaming, 3D movies, and even productivity. It's a good idea to check out all the options, and we've collected the very best here to make it easy to find the perfect VR headset for you.

Read more
How to know which Mac to buy — and when to buy it
The M4 Mac mini being used in a workplace.

If you’re in the market for a new Mac (or Apple display), there’s a lot of choice ahead of you. Maybe you're interested in a lightweight MacBook Air from the selection of the best MacBooks -- or maybe one of the desktop Macs. Either way, there’s a wide variety of Apple products on offer, including some external desktop monitors.

Below you'll find the latest information on each model, including if it's a good time to buy and when the next one up is coming.
MacBook Pro

Read more
AMD Ryzen AI claimed to offer ‘up to 75% faster gaming’ than Intel
A render of the new Ryzen AI 300 chip on a gradient background.

AMD has just unveiled some internal benchmarks of its Ryzen AI 9 HX 370 processor. Although it's been a few months since the release of the Ryzen AI 300 series, AMD now compares its CPU to Intel's Lunar Lake, and the benchmarks are highly favorable for AMD's best processor for thin-and-light laptops. Let's check them out.

For starters, AMD compared the Ryzen AI 9 HX 370 to the Intel Core Ultra 7 258V. The AMD CPU comes with 12 cores (four Zen 5 and eight Zen 5c cores) and 24 threads, as well as 36MB of combined cache. The maximum clock speed tops out at 5.1GHz, and the CPU offers a configurable thermal design power (TDP) ranging from 15 watts to 54W. Meanwhile, the Intel chip sports eight cores (four performance cores and four efficiency cores), eight threads, a max frequency of 4.8GHz, 12MB of cache, and a TDP ranging from 17W to 37W. Both come with a neural processing unit (NPU), and AMD scores a win here too, as its NPU provides 50 trillion operations per second (TOPS), while Intel's sits at 47 TOPS. It's a small difference, though.

Read more