GitHub breach: attackers cloned code signing certificates


GitHub claims unknown attackers accessed its code repositories and stole certificates for GitHub Desktop and Atom applications.

GitHub, a popular hosting service for software development, notified users of an “unauthorized access” the company detected on December 7, 2022.

According to GitHub, the attack only affected repositories used in the planning and development of GitHub Desktop and Atom applications, and there’s no risk to GitHub.com services.

“A set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected, and we have no evidence of malicious use,” GitHub said.

In theory, attackers could use stolen certificates to sign malicious software so that it passes as a legitimate GitHub update, bypassing safeguards. To prevent this from happening, the company will revoke exposed certificates on February 2, 2023.

According to GitHub’s statement, unknown attackers cloned repositories from GitHub Desktop and Atom using a “compromised Personal Access Token.”

“Several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. We have no evidence that the threat actor was able to decrypt or use these certificates,” GitHub said.

Users are advised to update the affected applications before the certificates are revoked to avoid any workflow disruption. The company has listed all versions of affected applications that need to be updated before February 2.

