Canonical's GitHub account, the creators of Ubuntu, was hacked.
Canonical’s GitHub account, the creators of Ubuntu, was hacked.
The GitHub account of Canonical Ltd., the company responsible for the distribution of GNU/Linux, Ubuntu, and other projects, was hacked this past Saturday, July 06.
In a statement, a head of the organization confirmed that the attackers used an official account whose credentials were compromised to gain unauthorized access to Canonical’s official report at the world’s largest hosting service for version control, software development and exchange.
“Canonical has removed the compromised account and is still investigating the extent of the violation, but there is no indication at this time that any source code has been affected,” they say. Fortunately, the attack appears to be limited to page deconfiguration and the creation of eleven empty repositories sequentially called CANGOTHAXXD_1 (without existing data being changed or deleted) and not an attempt to distribute modified malicious versions of open-source software.
Since the organization now uses the Launchpad hosting platform to create and maintain Ubuntu, unauthorized changes to its Github account do not affect what is the most popular distribution on the market: “The Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub, and there is no indication that it has been affected,” they added. The official Ubuntu forums have been hacked three times in the past: July 2013, July and December 2016. In the first violation, data was stolen from 1.82 million users and more than two million in July 2016.
Also, in May 2018 a malicious package was discovered in the official Ubuntu store, with a program to mine crypto coins hidden in the code. However, the most serious incident to date was Linux Mint in 2016 and Gentoo in 2018. In both cases, hackers entered the official site - and in the case of Gentoo, the GitHub repositories - and contaminated both operating systems with a backdoor.
The Ubuntu security team said it plans to publish another public update once it finishes its investigation into the incident, and after it carries out an audit and carries out any other needed remediations.