Ubuntu-maker Canonical's GitHub account hacked

Canonical -- the company behind the Ubuntu Linux distro -- is investigating an attack on its GitHub account over the weekend.

On Saturday, hackers were able to break into Canonical's GitHub account and create a number of new repositories. Named CAN_GOT_HAXXD, the eleven repositories were empty and have now been removed. Canonical says that no source code was accessed, but it is not yet known who carried out the attack.

See also:

• Canonical foolishly backpedals on 32-bit packages in Ubuntu Linux
• Steam will not support Ubuntu 19.10 onwards
• Ubuntu is dropping i386 support and WINE developers are irked

Canonical Ltd issued a statement saying that while source code and personally identifiable information are untouched, an investigation is underway: "We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement".

The company goes on:

Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected.

Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected.

Canonical says that it will issue further statements as its investigation continues and any necessary remedial action has been taken.