GitHub, the popular software development platform, announced on Monday that it had suffered a cyberattack in December 2022 and that during the attack, three digital certificates used for the company's Desktop and Atom applications were stolen by unknown threat actors.
In a blog post, GitHub Vice President of Security Operations, Alexis Wales, confirmed that the certificates were encrypted and password-protected and that there was no risk to the GitHub.com services or any unauthorized changes to projects:
"On December 7, 2022, GitHub detected unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access and no unauthorized changes were made to these projects.
A set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected and we have no evidence of malicious use. As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications. Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom."
Several versions of GitHub Desktop for Mac, between 3.0.2 and 3.1.2, will stop functioning tomorrow, February 2, 2023, while GitHub Desktop for Windows will not be affected. For the Atom text editor, versions 1.63.0 and 1.63.1 will also stop working. To continue using the software, Mac users are advised to upgrade to the latest release of GitHub Desktop, while Atom users must download a previous program version.
This security breach highlights the importance of machine identity management, according to Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. Bocek explained to InfoSecurity Magazine:
"In the wrong hands, these machine identities could be used to pose as trusted.... This is the powerful weapon that can enable supply chain attacks on other software developers and unknown possible subsequent (or past) attacks. To protect against events such as these, which are becoming increasingly common, security engineering teams must deploy a control plane for automating machine identity management."
This security incident comes just weeks after GitHub introduced a new feature for automatic code scanning on repositories. The company emphasized that the security and trustworthiness of GitHub and the broader developer ecosystem are its top priority, and recommended users take action to continue using GitHub Desktop and Atom.
While the attack did not result in any damage or unauthorized changes, it serves as a reminder of the constant threat posed by cybercriminals and the need for companies to prioritize the security of their systems and data.