Github censored malware research data

Friday October 14, 2016 in Security

Update Oct 15: Gitlab also removed my data, but later admitted that it had misinterpreted it, and it was quickly reinstated. See discussion on Hacker News and Gitlab statement.

Hey, you know what will fix the problem of malware on stores? Suppressing stories about malware on stores.— Troy Hunt (@troyhunt) October 15, 2016

GitLab reinstates @gwillem's list of infected online stores.— Mikko Hypponen (@mikko) October 15, 2016

We learned that not all disclosures that don't notify the owner are irresponsible, thanks @gwillem /cc @Hacker0x01— GitLab (@gitlab) October 15, 2016

This incident was really well handled by @gitlab all around— The Practical Dev (@ThePracticalDev) October 16, 2016

After publishing a list of compromised online stores, I was contacted by several persons who claimed their site had not been compromised (while in fact they were, as provides solid proof) and threatened to sue me.

Then last night, Github removed my research results, without sending me a notice.

First, some facts:

  1. Data came from public sources such as DNS zones and site frontpages.
  2. The list I published on Oct 11th was accurate as of Oct 10th.
  3. I have published an updated list as of Oct 12th (also taken offline by Github) that showed that 332 shops had in fact fixed their site since my publication. It also showed that 170 new shops had been compromised.
  4. I wrote about this in 2015. The problem is not solved today, in fact it has nearly doubled.
  5. I have told and stressed to any journalist that the problem is not with a particular type of store software, but due to sloppy maintenance.
  6. I have contacted about 30 merchants directly. I got either no response, or "thanks, but we are safe", even though I pointed out the specific malware code on their frontpage.
  7. I have, prior to publication, submitted all URLs and malware samples to Google's Safe Browsing team. They have since only acted upon a small portion of the sites.

I understand that Github doesn't have the resources to investigate each and every DMCA notice. However, it still took me by surprise that Github censors data so easily.

So I am happy to have moved my data to Gitlab (co-founded by an amazing Dutch guy) today.

Here is an up-to-date list of compromised stores, which was established 40 minutes ago (Oct 14th).

I understand that if you are a merchant, it is not a pleasure to be on that list. I absolutely agree that publishing a list of compromised stores is a tough measure. However, I think this is better than letting the problem fester (as it has been since 2015). If you have cleaned your store, send me an email (preferably with a Magereport screenshot) and I'd be happy to remove you.

So far, between Oct 10 and Oct 14, 631 stores have been fixed. Great work everybody!
