GitHub Account of Canonical Hacked, PII and Source Code Safe
On 6th July, a Canonical-owned account on GitHub was hacked: its credentials were compromised and used to create repositories and issues, among other activities.
Canonical has removed the compromised account from its GitHub organization and continues to investigate the extent of the breach. However, there is currently no indication that source code or personal information is affected. Canonical Ltd. is the company behind the Ubuntu Linux distribution.
“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities,” the Ubuntu security team said in a statement.
The Ubuntu security team plans to release another public update once the investigation is complete, and then to conduct an audit and make any other necessary repairs.
“Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected,” it said.
According to a mirror account created by GitHub, hackers created 11 new GitHub repositories under the official Canonical account. The repositories were empty.
Two days before the incident, the cybersecurity firm Bad Package detected an Internet scan for Git configuration files. These files can often contain credentials for Git accounts, such as those used to manage code on GitHub.com.
According to ZDNet, this is not the first incident for Canonical: the official Ubuntu forum was hacked in July 2013, and twice in July 2016.
In May 2018, an Ubuntu user found a Bytecoin currency miner hidden in the source code of an Ubuntu Snap package in the official Ubuntu store.
The official Ubuntu forums had been hacked on three different occasions: in July 2013, in July 2016, and in December 2016. Hackers stole the details of 1.82 million users in July 2013 and data from two million users in July 2016. The forum was defaced during the third incident.
A malicious Ubuntu package containing a cryptocurrency miner was also found on the official Ubuntu Store in May 2018.
But all these Ubuntu security incidents are minor compared to what happened to Linux Mint in February 2016, when hackers breached the site and corrupted the operating system source code with a backdoor. A similar event hit the Gentoo Linux distribution in June 2018, when hackers gained access to the distribution's GitHub repository and infected multiple GitHub downloads with an operating system version that included a backdoor.