GitHub account belonging to Ubuntu Linux maker Canonical hacked
A GitHub account belonging to Canonical Ltd., the maker of Ubuntu Linux, was hacked over the weekend as a hacker created new repositories in the process.
The hack took place on Saturday via compromised credentials. The hacker created 11 new repositories with names such as “CAN_GOT_HAXXD_2” and “CAN_GOT_HAXXD_4.”
The Ubuntu Security team confirmed the attack, saying on Twitter that the compromised credentials were “used to create repositories and issues among other activities,” without specifying what the other activities were.
“Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected,” the team said.
Emphasizing that the software itself was always safe, the team added that “the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected.”
Exactly who was behind the hack or their intent remains unclear, although given the names of the repositories created it may have been nothing more than an online defacement. Canonical is promising to post updates following an investigation and audit into the incident.
Ouch https://t.co/eBqW0TJHTV #Ubuntu #Canonical #sécurité pic.twitter.com/KYPVFO5G7U
— Damien Clauzel (@dclauzel) July 6, 2019
The isn’t the first time GitHub accounts have been hacked recently. In May it was reported that someone was hacking GitHub repositories and holding code for ransom. A sort of variation on ransomware but without the encryption of files, the hack enabled attackers to gain access to GitHub accounts, delete data and then demand a ransom payment in return for the deleted data.
The official Ubuntu forum was hacked in June with some 2 million user names and passwords stolen. It’s not impossible that a Canonical employee may have been using the same credentials on the GitHub account used on the Ubuntu forum.
Image: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU