An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files.
Thankfully, the malicious code fails to trigger properly and users' files remain safe.
How the hacker gained access to Gentoo's GitHub account remains a mystery, but since announcing the hack late last night, the Gentoo team says it has regained control over the account, although the profile remained offline at the time of this article's publication.
The hack took place at approximately 20:20 UTC on June 28 and affected only the project's GitHub account, not its core infrastructure and associated files, which are hosted on different servers.
"This does NOT affect any code hosted on the Gentoo infrastructure," a Gentoo spokesperson said. "Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org."
On the Gentoo mailing list, Gentoo dev Francisco Blas Izquierdo Riera says the hacker "has among other things replaced the portage and musl-dev trees with malicious versions of the ebuilds."
The Gentoo team is still investigating the extent of the hack, so it's unclear if anything else besides the file-wiping malware was included.
As a precaution, users and organizations who downloaded Gentoo Linux images from the GitHub mirror are advised to restore the OS to a previous point, if they have backup images, or reinstall it from scratch.
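The advice above hinges on where a system actually syncs its ebuild tree from. The following check is an added example, not code from the article or from the Gentoo project: it reads a Portage repos.conf (assuming the standard INI layout with sync-type and sync-uri keys) and flags any repository whose sync source is the GitHub mirror rather than Gentoo's own rsync or webrsync infrastructure. The sample configuration is constructed for illustration.

```python
import configparser

# Constructed sample of /etc/portage/repos.conf contents (not taken from any real host).
# [gentoo] syncs from Gentoo's own rsync infrastructure, which this incident did not touch;
# [gentoo-git] syncs from the GitHub mirror, which is the path the article warns about.
SAMPLE_REPOS_CONF = """
[DEFAULT]
main-repo = gentoo

[gentoo]
location = /var/db/repos/gentoo
sync-type = rsync
sync-uri = rsync://rsync.gentoo.org/gentoo-portage
auto-sync = yes

[gentoo-git]
location = /var/db/repos/gentoo-git
sync-type = git
sync-uri = https://github.com/gentoo/gentoo.git
auto-sync = yes
"""

def classify_repos(conf_text):
    """Map each configured repository to a verdict.

    "github-mirror": sync source is github.com, i.e. the mirror affected here.
    "ok":            rsync from a gentoo.org host, or webrsync (signed snapshots).
    "review":        anything else; decide manually where it comes from.
    """
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    verdicts = {}
    for name in cp.sections():  # [DEFAULT] is not returned by sections()
        sync_type = cp.get(name, "sync-type", fallback="").strip().lower()
        uri = cp.get(name, "sync-uri", fallback="").strip().lower()
        # Substring match also catches scp-style git URIs such as git@github.com:...
        if "github.com" in uri:
            verdicts[name] = "github-mirror"
        elif sync_type == "webrsync":
            verdicts[name] = "ok"
        elif sync_type == "rsync" and (uri.endswith(".gentoo.org") or ".gentoo.org/" in uri):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "review"
    return verdicts

if __name__ == "__main__":
    for repo, verdict in classify_repos(SAMPLE_REPOS_CONF).items():
        print(f"{repo}: {verdict}")
```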
To clarify: this breach does NOT involve the infrastructure by which @Gentoo Linux distributes and updates its software packages. The GitHub repository is just a downstream mirror. https://t.co/y7fSnDayqo — Jeff Hubbs (@jeffhubbs) June 28, 2018
Thankfully, most of @gentoo is developed on project hosted (and owned) infra. — Diego Elio Pettenò (@flameeyes) June 28, 2018
This is not the first time that a compromise of a GitHub account has led to problems. Earlier this month, hackers breached the GitHub account of the Syscoin cryptocurrency team and also poisoned official apps with malware.