A hacker claims to have stolen more than 500GB of data from a private repository stored on a Microsoft GitHub account.
Microsoft, which owns GitHub, has yet to publicly comment on the breach, which does not appear to have affected any of the company's major software products.
The hacker, named "Shiny Hunters," disclosed the theft by contacting news site BleepingComputer.
The perpetrator claimed to own more than 500GB of files downloaded from Microsoft's private GitHub repository, and said he originally intended to sell the source code online. Instead, they now plan to release it for free.
Shiny Hunter provides a directory list with the name, size and timestamp of each stolen file.
None of these repositories seem to involve Microsoft's major products such as Windows, Office and Xbox. Instead, they are mostly code samples, test items, eBooks, and other generic items.
In fact, the authenticity of the entire loophole has been disputed. Microsoft employee Sam Smith tweeted that the company will only use GitHub for projects that eventually become open source and public.
He originally wrote that Microsoft's rules require all GitHub repositories to be made public within 30 days of creation, though this tweet has since been deleted.
True or false, the general consensus at the moment is that this breach has had little impact on Microsoft. If true, the most pressing concern would be how the hacker gained access in the first place.
Other security researchers have noted that GitHub repositories often contain private API keys and passwords that developers have mistakenly added, which, if discovered and used, could further expose Microsoft information.