The hackers claim all source code has been downloaded and stored on one of their servers.
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address and contact us by email at [email protected] with your Git login and a proof of payment,” read the ransom message.
“If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers.”
“If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise,” the hackers’ message read.
Kathy Wang, Director of Security for GitLab, quoted that they immediately began an investigation into the issue.
“We have identified affected user accounts and all of those users have been notified. As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on deployment of a related repository,” Wang told ZDNet.
Jeremy Galloway, a security researcher at Atlassian, which owns BitBucket, told Motherboard that the company has seen a number of users’ repositories getting hit by these hackers and demanding ransom in bitcoins.