Git ransom campaign incident report—Atlassian Bitbucket, GitHub, GitLab

Atlassian Bitbucket, GitHub, and GitLab issued a joint blog post to address a recent Git ransomware incident, aiming to educate users on secure practices and share details of the event. On May 2, user accounts across these platforms were compromised due to credential leakage, leading to public and private repositories being held for ransom. The incident involved automated attacks using legitimate credentials, where repositories were overwritten with a ransom note demanding Bitcoin payments. Investigations revealed that the attack stemmed from a third-party credential dump, and the platforms have since invalidated compromised credentials and notified affected users. The companies emphasize the importance of enabling multi-factor authentication, using strong and unique passwords, and safeguarding personal access tokens to prevent such incidents. They also provide guidance on recovering affected repositories and encourage users to utilize available security features on their respective platforms.