Gentoo, the highly popular Linux distribution that was hosted on GitHub was compromised on Friday. However, none of the actual code was hacked, said experts. Currently, the copy hosted on GitHub has been affected and was pulled until a fresh and uncompromised copy can be uploaded.
“Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the GitHub Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on Github should for the moment, be considered compromised,” wrote Gentoo administrators. “This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.”
It is worth noting that none of main code of Gentoo has been affected as administrators maintain their own copy of the Linux distribution safely. Experts at Gentoo also stated that the compromised code on GitHub also contained malware and bugs and cautioned against its usage. Additionally, the Gentoo administrators also assured that their security team has identified the point of intrusion and locked out the account in question and the three GitHub repositories containing the Gentoo code are being restored.