A hacker is demanding ransom for hundreds of stolen Git code repositories

Late last week, a hacker stole data from hundreds of Git code repositories and is holding it all for ransom on their servers, threatening to release code to the public if affected owners don’t pay up. GitHub, Bitbucket, and GitLab users who reported that their code had disappeared found the following ransom note in its place:

When the ransom note first appeared on Friday, it stated that owners have 10 days to pay 0.1 bitcoin, which is currently about $565. Even though time is winding down until May 13th, there may be a recourse for retrieving your data without paying. Contacting the support line for your service may be helpful in the short and long term, as these companies are always working to address the vulnerabilities through which the hacker found a way in.

If contacting support hasn’t worked out for you yet, ZDNet also points out that a StackExchange user has a few tips on recovering stolen data, though it may be retrieved in a mangled state.

The hacker supposedly combed through the internet for Git config files, then extracted credentials listed in plain text to gain access. The lesson? Don’t store your passwords in plain text. Even the accounts with seemingly hack-proof passwords were at risk. Kathy Wang, GitLab’s director of security, insisted in a statement to ZDNet that users can protect themselves against future attacks like this one by using password management tools locked down with two-factor authentication.