On Saturday, Ubuntu-maker Canonical Ltd’s source code repositories were compromised and used to create repositories and issues among other activities.
The unknown attacker(s) used a Canonical owned GitHub account whose credentials were compromised to unauthorizedly access Canonical’s Github account. According to a mirror of the hacked Canonical GitHub account, the hacker created 11 new GitHub repositories in the official Canonical account. The repositories were empty and sequentially named CAN_GOT_HAXXD_1, `with no existing data being changed or deleted.
The Ubuntu source code remains unaffected. A Canonical representative said in a statement, “There is no indication at this point that any source code or PII was affected. Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected.”
The hack appears to be limited to a defacement, as if the hacker(s) had added malicious code to Canonical projects, then they wouldn’t have drawn attention by creating new repositories in the Canonical GitHub account.
The official Ubuntu forums had been hacked on three different occasions, first in July 2013, when hackers stole the details of 1.82 million users. Second in July 2016, when the data of two million users was compromised. Third, in December 2016 when Ubuntu Forums was hacked with 1.8 Million users credentials stolen. In May, this year attackers wiped many GitHub, GitLab, and Bitbucket repos with ‘compromised’ valid credentials leaving behind a ransom note.
Canonical has since removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach. The Ubuntu security team said it plans to post a public update after our investigation, audit and remediations are finished.
Twitter was flooded with people warning others about the hack.
Canonical, which makes Ubuntu, confirms its GitHub account was hacked but that all Ubuntu code development is unaffected as it's on a different system. https://t.co/inOZIjIJHK pic.twitter.com/glXI50INOR
— Zack Whittaker (@zackwhittaker) July 7, 2019
The GitHub account of Canonical, the firm behind the Ubuntu Linux distribution, was hacked on Saturday https://t.co/A7CdPPallJ pic.twitter.com/fX3QCOF24O
— Graham Cluley (@gcluley) July 7, 2019
Ubuntu-Maker Canonical’s GitHub Account Gets Hacked https://t.co/gTMH1o9Do5 pic.twitter.com/NV2dROUBuT
— Eric Vanderburg (@evanderburg) July 7, 2019
Ubuntu has decided to drop i386 (32-bit) architecture from Ubuntu 19.10 onwards
DockerHub database breach exposes 190K customer data including tokens for GitHub and Bitbucket repositories
Attackers wiped many GitHub, GitLab, and Bitbucket repos with ‘compromised’ valid credentials leaving behind a ransom note.