The hacker (who is either an individual or a group) claims to have breached Microsoft’s private GitHub repositories and to have additionally stolen 500GB of important Microsoft data. Shiny Hunters disclosed the theft by contacting news site BleepingComputer. GitHub repositories can contain private API keys and passwords, deposited by developers.
According to Balbix CTO Vinay Sridhara, the data collection should be a wake up call for the enterprise. Sridhara tells Digital Journal that: “The ShinyHunters breach shows how critical it is for cybersecurity teams to move as quickly as the malicious actors targeting them. The sheer number and diversity of the organizations breached shows that many enterprises lack the level of cyber hygiene needed to protect sensitive user data.”
Looking into the hacker practices, Sridhara says: “Well known best practices such as database encryption, multifactor authentication and password managers, and timely patching of critical assets could help organizations avoid the majority of these breaches.”
Sridhara adds further, looking at the impenetrability of the dark web: “It’s also worth noting the domino effect of these breaches: with millions of user records on the dark web, it’s easy for hackers to decipher login credentials. And considering that 99 percent of people reuse passwords across an average of 2.7 work and personal accounts (see: ‘State of Password Use Report 2020‘), the ShinyHunters collection could compromise many millions of enterprise accounts, in addition to the accounts already compromised directly in this breach.”
The warning here is clear – use different and more complex passwords, or consider multi-factor authentication, or alternative systems of cybersecurity such as biometrics.