According to recent reports, git repositories hosted on GitHub, GitLab and Bitbucket are under attack, demanding ransom. Security directors from GitLab and Bitbucket have confirmed such reports, in a comment to BleepingComputer. GitLab.com has published a blog post about the attack as well, and steps to mitigate.
If you are an user of either of these git hosting services, you may want to consider working on these as soon as possible:
- Change your account password.
- Enable 2 step authentication if it hasn’t been enabled so far.
- Revoke access tokens, generate fresh ones and use them on your applications.
- Work on the git mitigation steps outlined on the GitLab.com blog post.
In addition, you may find these links helpful: