Hi There,
last night our all of our repository saw something unusual in our account repositories and hacker insrted malign javascript in many of our files, also changed .gitignore.
the the commit created by them has this pattern.
- The commit name copied from last commit and appended committer name in it.
- changed .gitignore file
- commonly used javascript libraries [e.g. bootstrap.js, jquery.min.js, login.js etc] were bugged with code to dynamically append some JS code to steal password if any entered on form.
for now we have revert back the changes, but Can someone help us to prevent such kind of hacks in future, we were using app passwords. can we track how these commmit were created and from where this leak happened.
Please help if someone else had this kind of issue.