An unknown hacker yesterday efficiently managed to hack into the official GitHub account of Canonical, the corporate behind the Ubuntu Linux challenge and created 11 new empty repositories.
It seems that the cyberattack was, fortuitously, only a “loud” defacement try reasonably than a “silent” refined supply-chain assault that might have been abused to distribute modified malicious variations of the open-source Canonical software program.
In an announcement, David from Canonical confirmed that attacker(s) used a Canonical owned GitHub account whose credentials had been compromised to unauthorizedly entry Canonical’s Github account.
“We will affirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials had been compromised and used to create repositories and points amongst different actions,” David stated.
“Canonical has eliminated the compromised account from the Canonical group in GitHub and remains to be investigating the extent of the breach, however there isn’t any indication at this level that any supply code or PII was affected.”
David additionally confirmed that for the reason that firm now makes use of Launchpad internet hosting platform to construct and preserve Ubuntu distributions, unauthorized modifications on its Github account does not have an effect on its standard and widely-used Linux working system and its million of customers.
“Moreover, the Launchpad infrastructure the place the Ubuntu distribution is constructed and maintained is disconnected from GitHub, and there may be additionally no indication that it has been affected,” David added.
“We plan to put up a public replace after our investigation, audit, and remediations are completed. Thanks, your belief in Canonical is vital to us, which is why we take privateness and safety a precedence.”
The corporate is at the moment reviewing the supply code obtainable on GitHub to research the extent of the breach and have promised to share extra particulars concerning the incident shortly.
Final 12 months, GitHub account of Gentoo Linux distribution was additionally hacked utilizing password-guessing assault, and attackers efficiently managed to interchange the content material of its repositories and pages with malware.
Keep tuned for extra info on this incident.