Language Selection

English French German Italian Portuguese Spanish

Canonical GitHub account hacked, Ubuntu source code safe

Filed under
Microsoft
Security
Ubuntu

The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement.

"Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected," it said.

"Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected."

Read more

Canonical's Ubuntu repos on Github hacked

  • Canonical's Ubuntu repos on Github hacked

    Canonical Ltd, the company behind the popular Ubuntu Linux distribution, has had its software repositories on Github hacked by unknown attackers.

    The hack appears to be limited to a defacement, with 11 new repos sequentially named CAN_GOT_HAXXD_1, `with no existing data being changed or deleted.

Ubuntu maker’s GitHub account hacked

  • Ubuntu maker’s GitHub account hacked — but the source code is safe

    The GitHub account of Canonical Ltd., the company behind the popular Ubuntu Linux distribution, was hacked over the weekend on July 6.

    While the hacker’s identity remains unknown, they managed to compromise the account’s credentials to create 11 new empty repositories. The repositories were named “CAN_GOT_HAXXD.”

Blaming Canonical, not GitHub

  • Canonical’s GitHub Account ‘Hacked’ But Ubuntu Repos Are Safe [Ed: GitHub accounts are Microsoft's, not Canonical's, but whatever... Canonical's GitHub account compromised, so corporate media funded by Microsoft (CBS paid for ads etc.) says Ubuntu hacked; never mind if GitHub is actually a Microsoft platform...]

    While the extent of the breach is still being investigated, the security team said that there is no indication that the source code or PII was affected.

    Moreover, the Launchpad infrastructure where the Ubuntu distribution is built and maintained has been disconnected from GitHub. There is also no sign that it has been affected.

    The mirror of the hacked Canonical GitHub account shows that the attacker created 11 new GitHub repositories sequentially named CAN_GOT_HAXXD_1. Surprisingly, those repositories were empty.

    So it seems that the hacking incident was limited to defacement only as there is no proof of existing data being changed or deleted.

    Meanwhile, a cyber-security firm called Bad Packets, tweeted that it detected internet-wide scans for Git configuration files just two days before the incident.

Ubuntu Source code is Safe in the Canonical GitHub

  • Ubuntu Source code is Safe in the Canonical GitHub account hacking!

    The canonical Security is once again under questionable notice. The forum has been hacked thrice on different occasions. In July 2013, details of 1.82 Million users were stolen by hackers followed by the second hacking where 2 million users data were stolen in July 2016 and in July 2019, the Github account of Canonical limited has been hacked.

    This company works behind the distribution of Ubuntu Linux and was hacked on July 6th, 2019. The Security team accepted that the Canonical owned account on Github was compromised on credentials and was used to create disturbance and issues among other activities. Though the company has removed the account from the organization in Github, it is still working on checking out the breach. The company believes that the source code or PII was affected in any way.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Annual Report 2018: LibreOffice development

Throughout the second half of 2018, the developer community worked on a new major release: LibreOffice 6.2. Details about the end-user-facing new features are provided on this page, and in the following video – so in the rest of this blog post, we’ll focus on developer-related changes. Read more

Programming Leftovers

Linux Kernel: Chrome OS, Direct Rendering Manger (DRM) and Char/Misc

  • Various Chrome OS Hardware Support Improvements Make It Into Linux 5.3 Mainline

    Various Chrome OS hardware platform support improvements have made it into the Linux 5.3 kernel for those after running other Linux distributions on Chromebooks and the like as well as reducing Google's maintenance burden with traditionally carrying so much material out-of-tree.

  • The Massive DRM Pull Request With AMDGPU Navi Support Sent In For Linux 5.3

    At 479,818 lines of new code and just 36,145 lines of code removed while touching nearly two thousand files, the Direct Rendering Manger (DRM) driver updates for Linux 5.3 are huge. But a big portion of that line count is the addition of AMD Radeon RX 5000 "Navi" support and a good portion of that in turn being auto-generated header files. Navi support is ready for the mainline Linux kernel!

  • Char/Misc Has A Bit Of Changes All Over For Linux 5.3

    The char/misc changes with each succeeding kernel release seem to have less changes to the character device subsystem itself and more just a random collection of changes not fitting in other subsystems / pull requests. With Linux 5.3 comes another smothering of different changes.

today's howtos