ANOTHER DAY, ANOTHER HACKING. This time it's the company behind Linux distribution Ubuntu that's the victim, after a hacker got hold of a login for the Canonical's GitHub account and pushed 11 new repositories.
Each repository was empty and unlikely to fool anyone, given the hacker used easy to spot names such as "CAN_GOT_HAXXD_3" and "CAN_GOT_HAXXD_4." You can probably guess the other nine, but if not this mirror on the web archive shows the extent of the damage.
As you might have gathered from the unsubtle approach the hacker took, it looks like this was more digital graffiti than a real desire to cause harm to developers working off Canonical code.
"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said.
"Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected."
Crucially, Ubuntu added, the software itself was always safe. "Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected."
The Ubuntu security team added that it'll give another public update once it's looked further into the hack to see how it happened and whether any other fixes need to be carried out to prevent any more embarrassing break-ins in future.
Still, you can understand Ubuntu users feeling a little wary, given the official forums have previously been hacked in 2013 and then again in 2016. Maybe this is just the start of a fun triennial tradition for Linux fans. µ
Bad for shareholders, mildly good for the planet
YouTube on the Tube
Claims that it hasn't ever actually worked