A hacker has posted segments of what is claimed to be a massive 63.2 GB dump of Microsoft’s private GitHub repositories, takes as recently as the 03/28/2020 by the same hacker who hacked Indonesian company Tokopedia.
Screenshots of the directory listing of the files suggest the dump contains source code for Azure, Office and some Windows runtimes.
The news was confirmed by the Under the Breach twitter account, a data breach monitoring and prevention service:
After some research and because the actor dumped the entire dirlist of the private repositories, it appears this is real.
I doubt there is anything too private in these repositories but companies do sometime leave keys/passwords on Github by mistake. pic.twitter.com/4L8s18hQA0
— Under the Breach ? (@underthebreach) May 6, 2020
Despite the size of the hack, it is unlikely that many secrets will have been leaked. Microsoft’s repositories on GitHub are frequently intended for public availability, even when private, and Microsoft performs stringent checks and scans of uploaded code to manage exactly this scenario. Reportedly Microsoft keeps their crown jewels, Windows, in a massive internal 300 GB Git repository.