Forum:Is it safe to keep our data in github
4
0
Entering edit mode
4.5 years ago
rprog008 ▴ 70

As many of you will be aware about A hacker by the name of Shiny Hunter recently claimed to have breached Microsoft's private GitHub repositories. Further, the attacker claims to have stolen 500GB of important Microsoft data. A report states that the hacker initially planned to sell Microsoft's private projects but later changed his mind. The attacker is now reportedly looking to give away the stolen data for free.

After this incident I am bit concerned if the data which I have kept in my github account in private mode is safe. Or shall I delete those date from my accoumt. Is there any other alternative which we can use like guthub.

More information about the incident can be found at https://gbhackers.com/microsofts-github/

github • 2.1k views
ADD COMMENT
3
Entering edit mode

If you are afraid of hacking then better store your data on a local harddrive and disconnect the PC from the internet. If you store anything online it can potentially be hacked. This is how it goes with the internet.

ADD REPLY
2
Entering edit mode

I see no problem with storing code/data on GitHub particularly.

However, if you are using something like human patient data, you are in a lot more trouble for storing it on something like GitHub, hacker or no hacker.

ADD REPLY
0
Entering edit mode

We are working with real human data and after talking with my collaborator, we have decide to shift our data to privately own server which may be more secure. Thank you. As my professor and me are new to github, This all suggestion helping us. 🤗

ADD REPLY
0
Entering edit mode

I personally would not worry from a more humble perspective. What I'm working on is likely not of the scale of what microsoft is working on, neither do I have a financial situation nor status like microsoft ;-)

Moreover, github is rather to store code not really data itself .

ADD REPLY
3
Entering edit mode
4.5 years ago
Joe 21k

I'm going to add a dissenting point of view, and point out that if the alternative to something cloud based is a local private server that you will run yourself, you need to ask yourself this question:

Do I have the necessary knowledge to satisfactorily secure the server, above and beyond a service which will have dedicated DevOps and InfoSec teams?

Or to state it more plainly: a private server run by someone that doesn't know how to secure a server, is not more secure than a cloud solution secured by people that do.

There is also the additional burden of being your own sysadmin (speaking from experience), and having to deal with drives crashing, monitoring your RAID integrity, installing programs, helping other potential users...etc...etc...

ADD COMMENT
2
Entering edit mode
4.5 years ago
Mensur Dlakic ★ 28k

We used to need meat and cheese platter-sized hard drives to store 10Mb of data. Luckily, data storage solutions are much cheaper and smaller these days. If you want to keep something truly private, the storage should be private as well. One can easily get tens of terrabytes of disk space for under $1000, so I would not rely on Microsoft security for private data.

ADD COMMENT
0
Entering edit mode

Thanks .. i would like to rearrange everything as stated by you and yuka. Thanks for your detail insight . As i am new to using github, your suggestion is very helpful.🤗

ADD REPLY
2
Entering edit mode
4.5 years ago
Yuka Takemon ▴ 40

Hi Rprog008,

Personally, I would never keep data on GitHub and would suggest that you remove your data from GitHub. For the most part, data should be stored on your company/personal server where only you and your colleagues have secured and restricted access to. Especially true with raw data, there is no need to alter or modify that and thus doesn't require version control on GitHub.

For myself, the most valuable thing is the raw data, so I protect that behind my company's firewall with a dedicated team of specialists who keep that safe. My code on GitHub only allows me to reproducibly develop my analysis and collaborate with others. My code would be very useless without the data on which it is built.

This is just my own opinion as a biomedical scientist and bioinformatician. I am sure this opinion will differ between various disciplines.

ADD COMMENT
0
Entering edit mode

I do agree with you. Recently, one professor asked me to collaborate and work in github during this covid19 pandamic. After reading this news, i feel a little bit stressed. As most of the code is written by me and yes its not an ugly one. It written in a very well organised way so that my collaborators can understand as well what we are doing. I think your suggestion is best one. Thanks.

ADD REPLY
1
Entering edit mode

you can use private repos on github for sharing the code with trusted parties. one always needs to start on the assumption that no data is safe when connected, by default.

ADD REPLY
0
Entering edit mode
4.5 years ago

Depending on your jurisdiction, there are criteria/rules for selecting a data hosting service for sensitive data. As far as I know GitHub is not suitable for this in Europe and cloud providers have to have gone through some certification process before you can host sensitive data with them. If you're dealing with patient/sensitive data I suggest you get up to speed with the rules and regulations that apply to you/your data because if patient data in your care are leaking for whatever reason, you'll be in trouble for not having followed procedures.

ADD COMMENT
2
Entering edit mode

Yep, this is exactly what I was alluding to in my comment on the OP.

Laying out a plan to manage the data in an effective and compliant manner is also usually a key facet of grant applications or contracts involving working on any such sensitive data.

If you did have sensitive data on GitHub rprog008, I would suggest you do everything within your power to find out if the hack compromised what you had stored (and assume it did until you know otherwise). Simply moving all future data may not be enough to satisfy auditors and relevant authorities.

ADD REPLY
0
Entering edit mode

Thanks joe. That is what i am trying to do now.

ADD REPLY

Login before adding your answer.

Traffic: 2945 users visited in the last hour
Help About
FAQ
Access RSS
API
Stats

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.

Powered by the version 2.3.6