Many large companies use them as a SaaS dvcs provider for private, closed source repositories. They provide a great tool for an agile workflow at a good price, what more is there to say?
Obviously I have nothing to go on for this, but just guessing, it would seem to make sense that:
- Of all users, only a small subset would have private repos
- Of those users, only a small subset would have private repos that would be of interest to third parties
- Of those users, only a small subset would have a weak enough password to allow brute force
To reverse it, of these accounts that were hacked, I can't see many of them having private repos that would be of interest.
And if so, then this would seem a bit excessive.
I know that's a lot of ifs, but it seems reasonable. I would be interested to see the number of total accounts vs. the number of accounts w/ private repos.
- That private repos are the only thing worth targeting. What if you could inject a trojan into a popular open source project? You could do a lot of damage that way, probably way more than on a private repo, because so many people incorporate them in their products. Imagine they hacked the Rails repo, for example. Worse, some repos host binaries, for which meddling would be harder to detect (a bad idea, but that doesn't mean it doesn't happen).
- That the users being attacked are random and not specifically targeted based on who the user is and what they work on. Not sure if that's the case or not, but I see no reason to assume it.