GitHub-related incidents, including outages, high-severity flaws, and malicious attacks. It underscores the importance of maintaining robust security practices, including regular backups, to protect source code and metadata. The incidents highlight various vulnerabilities and the innovative methods employed by malicious actors to exploit GitHub for their purposes.
GitHub Incidents
1. Hackers abuse GitHub (December 2023):
Malicious actors used GitHub for hosting malware, leveraging secret Gists and issuing commands via git commit messages to avoid detection and control compromised hosts. The Hacker News
2. 15K Go Module Repos Vulnerable to RepoJacking (December 2023):
Researchers discovered that over 15K Go module repositories on GitHub are susceptible to RepoJacking due to username changes and account deletions. The Hacker News
3. Cyberattack on GitHub Customers (July 2023):
A North Korean hacking group targeted personal accounts of employees in technology sectors, using social engineering to infect victims’ data with malware. The Record
4. Millions of Repos Vulnerable to RepoJacking (June 2023):
AquaSec’s research indicated that millions of GitHub repositories are potentially vulnerable to RepoJacking, posing a significant supply chain attack risk. Bleeping Computer
5. GitHub Outage Due to Configuration Change (May 9, 2023):
A configuration change caused a major outage, degrading 8 out of 10 services and resulting in widespread failures in reading newly-written Git data. GitHub Blog
6. GitHub App Authentication Token Issuance Degradation (May 10, 2023):
An increase in write latency for GitHub App auth tokens led to degraded service for 6 out of 10 main services, affecting GitHub Actions and Codespaces. GitHub Blog
7. Git Database Degraded Due to Read Replica Loss (May 11, 2023):
A database cluster crash resulted in an automated failover, with 15% to 26% of Git data requests failing or slowing down, impacting millions of developers. GitHub Blog
8. Private SSH Key Exposed (March 2023):
GitHub’s RSA SSH private key was briefly exposed in a public repository, prompting an urgent rotation to prevent potential adversaries from impersonating GitHub. Bleeping Computer
9. Repos Connected to GitHub Desktop and Atom Accessed (January 2023):
A hostile actor accessed repos used for Atom and GitHub Desktop development, stealing encrypted code-signing certificates, necessitating user updates by February 2023. Cyber Security Hub
