The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, 06 July.
In a statement, the Ubuntu security team said, “We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities,”
“Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected. Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected,” it said.
The Ubuntu security team plans to publish another public update once it has finished investigating the incident and has carried out an audit along with any other needed remediations.
According to a mirror of the hacked Canonical GitHub account, the hacker created 11 new GitHub repositories in the official GitHub account. The repositories were found to be empty. Just two days before the incident, cybersecurity firm Bad Packets detected scans for GitHub configuration files; such files can hold credentials for Git accounts, such as the ones used to manage code on GitHub.com.
This weekend’s Canonical GitHub security incident is not the first the company has gone through. The official GitHub account has been hacked thrice: in July 2013, in July 2016, and in December 2016. Details of nearly 1.82 million users were stolen by the hacker in July 2013 and information of 2 million users in July 2016, while in the third incident the forum was only defaced.
A malicious Ubuntu package containing a cryptocurrency miner was also found on the official Ubuntu Store in May 2018. If the hacker had added malicious code to Canonical projects, he might not have drawn attention to himself by creating new repositories in the GitHub account.