The GitHub account of Canonical Ltd, the company responsible for the distribution of Linux Ubuntu, was hacked this Saturday. The hacker had access to the private platform and created several repositories to mark his presence.
In a statement, the Ubuntu security team confirmed the breach. “We can confirm, that a Canonical account was compromised and was used to create repositories and issues, among other activities.” According to a mirror of the hacked account, the pirate created eleven new empty repositories in the GitHub account.
On the other hand, the security team cut all nexus between the account and the Canonical organization on GitHub. It is still being investigated whether some of the source code or personal information may have leaked in the hack. “In addition, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub, and there is no indication that it has been affected,” the Ubuntu security team announced.
The team’s experts plan to publish a public update of the Linux distribution at the end of their investigation.
I’m interested if there’s any correlation with the recent mass scanning for exposed git config files. https://t.co/ckGt158CXc
— Bad Packets Report (@bad_packets) July 7, 2019
It is not the first time for Ubuntu
For those who know, this is an old story: it is not the first time that hackers mess with Ubuntu, and with Linux.
Ubuntu’s official forums have been hacked three times in the past: July 2013, July and December 2016. In the first violation, data of 1.82 million users and more than two million were stolen in July 2016.
Also, in May of 2018 a malicious package was discovered in the official Ubuntu store, with a program to mine cryptocurrencies hidden in the code.
However, the most serious incident to date was Linux Mint in 2016 and Gentoo in 2018. In both cases the hackers entered the official site – and in the case of Gentoo, to the GitHub repositories – and contaminated both operating systems with a backdoor.
At least this incident had less bad consequences.