Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Some hacker created a commit in all of our repositories with bugged script to steal passwords.

Praveen Agarwal
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 16, 2024

Hi There, 

last night our all of our repository saw something unusual in our account repositories and hacker insrted malign javascript in many of our files, also changed .gitignore.

the the commit created by them has this pattern.

- The commit name copied from last commit and appended committer name in it.

- changed .gitignore file

- commonly used javascript libraries [e.g. bootstrap.js, jquery.min.js, login.js etc] were bugged with code to dynamically append some JS code to steal password if any entered on form.

 

for now we have revert back the changes, but Can someone help us to prevent such kind of hacks in future, we were using app passwords. can we track how these commmit were created and from where this leak happened.

 

Please help if someone else had this kind of issue.

0 comments

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events