The Canonical GitHub account was compromised
On July 6, 2019, the GitHub account of Ubuntu’s Canonical was hacked. The Ubuntu Security team stated that the account’s credentials were compromised and that the hacker used the account to create repositories. Canonical has removed the compromised account and is still investigating the extent of the breach; there is currently no indication that source code or PII was affected. Canonical wrote:
“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities,” David said.
“Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected.”
In addition, the Launchpad website, which builds and maintains the Ubuntu distribution, has been disconnected from GitHub, and the site has not been affected. The Ubuntu security team said it will release an update once the investigation of the incident is completed, an audit has been performed and other remedies have been implemented. Based on the image of the attacked Canonical GitHub account, the hacker created 11 new GitHub repositories in the official Canonical account, and these repositories are empty.
Two days before the incident, network security company Bad Packets detected a full network scan for Git configuration files. Such files usually contain Git account credentials.
Canonical had experienced security incidents before this one. In July 2013, July 2016 and December 2016, the official Ubuntu forum was hacked. In July 2013, the details of 1.82 million users were stolen; in July 2016, data of 2 million users was stolen. In May 2018, the official Ubuntu store was found to contain malicious Ubuntu packages for mining cryptocurrencies.