silversurfer

The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement.
"Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected," it said.
"Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected."

The Ubuntu security team said it plans to publish another public update once it finishes its investigation into the incident, and after it carries out an audit and carries out any other needed remediations.

According to a mirror of the hacked Canonical GitHub account, the hacker created 11 new GitHub repositories in the official Canonical account. The repositories were empty.

Two days before the incident, cyber-security firm Bad Packets detected internet-wide scans for Git configuration files. Such files can often contain credentials for Git accounts, like the ones used to manage code on GitHub.com.
I'm interested if there's any correlation with the recent mass scanning for exposed git config files. https://t.co/ckGt158CXc
— Bad Packets Report (@bad_packets) July 7, 2019
 

Vasudev

A few days ago, my Ubuntu machine downloaded a few updates and it broke something, but I reverted back to an older image. Today, I got a small issue and I reverted each and every software package to the Ubuntu repo defaults instead of the bleeding-edge PPA release, and it fixed the issue. My issue was that the XFCE whisker menu, panel and title bar go missing but work fine only in recovery mode.

Local Host

They were lucky this was done by a kid; he was just trolling around and creating repos. It could have been way worse, like:
But all these Ubuntu security incidents pale in comparison to what happened to Linux Mint in February 2016 when hackers breached the site and tainted the operating system's source code with a backdoor. A similar incident happened to the Gentoo Linux distro in June 2018 when hackers gained access to the distro's GitHub repo and poisoned some GitHub downloads with an OS version containing a backdoor.
How can they secure their distros if they can't even secure their accounts and services?