GitHub

GitHub experienced a ransomware attack which include at least 392 GitHub repositories.

Some users who fell victim to this hacker have admitted to using weak passwords for their GitHub, GitLab, and Bitbucket accounts.

However, all evidence suggests that the hacker has scanned the entire internet for Git config files, extracted credentials, and then used these logins to access and ransom accounts at Git hosting services.

It was found that Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

Source: https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/

TPRM report: https://scoringcyber.rankiteo.com/company/github

"id": "git02020323",
"linkid": "github",
"type": "Ransomware",
"date": "05/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Hundreds of developers',
                        'industry': 'Software Development',
                        'name': 'GitHub',
                        'type': 'Company'}],
 'attack_vector': ['Weak Passwords', 'Credential Scanning'],
 'data_breach': {'type_of_data_compromised': 'Source Code'},
 'description': 'GitHub experienced a ransomware attack which included at '
                'least 392 GitHub repositories. Some users who fell victim to '
                'this hacker have admitted to using weak passwords for their '
                'GitHub, GitLab, and Bitbucket accounts. However, all evidence '
                'suggests that the hacker has scanned the entire internet for '
                'Git config files, extracted credentials, and then used these '
                'logins to access and ransom accounts at Git hosting services. '
                'It was found that hundreds of developers have had Git source '
                'code repositories wiped and replaced with a ransom demand.',
 'impact': {'data_compromised': 'Source Code Repositories',
            'systems_affected': 'GitHub, GitLab, Bitbucket'},
 'initial_access_broker': {'entry_point': 'Weak Passwords'},
 'motivation': 'Financial',
 'post_incident_analysis': {'root_causes': 'Weak Passwords'},
 'title': 'GitHub Ransomware Attack',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Weak Passwords'}

GitHub

Ingram Micro Holding Corporation

Louis Vuitton

WideOpenWest (WOW!)