Earlier this week, officials from Gentoo Linux, a Linux distribution, revealed that attackers had broken into the project's GitHub organization and planted malicious code, modifying its repositories and web pages. The officials instructed users not to fetch anything from Gentoo via GitHub until the situation was resolved.
“Today, 28 June, at approximately 20:20 UTC unknown individuals have gained control of the GitHub Gentoo organization and modified the content of repositories as well as pages there,” Gentoo dev Alec Warner said in a bulletin. “We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.”
Gentoo's security team responded quickly, filing a misuse notification within 30 minutes of the attack. “The Gentoo GitHub was frozen 70 minutes after the malicious actor gained access, with the Gentoo Infrastructure team identifying the entry point and removing all access for that account from ‘primary Gentoo properties’ as a pre-emptive security measure shortly thereafter,” the incident report stated.
The Gentoo developers published a page on the distribution's wiki describing the incident. It identified three basic mistakes that led to the compromise: a weak password, the absence of two-factor authentication, and weak security practices around the account.
The wiki page also stated that the project got lucky. “The attack was loud; removing all developers caused everyone to get emailed. Given the credential taken, it's likely a quieter attack would have provided a longer opportunity window,” the wiki revealed.
The code-sharing site GitHub was at the center of a similar issue when Chinese drone maker Da-Jiang Innovations (DJI) landed in a cybersecurity row over a bug bounty dispute. On November 21, 2017, Kevin Finisterre, an independent security researcher, claimed that he had found a private key publicly posted on GitHub, after which he was able to access confidential and sensitive customer information and saw “unencrypted flight logs, passports, drivers’ licenses and identification cards.”