GitHub says it has not been hacked following earlier claims the Microsoft-owned code repository had been compromised. A mysterious group early claimed to have hacked the company. As proof, the entity shared source code for GitHub Enterprise and GitHub.com.
The source code was available through a commit on the company’s DMCA section. Whoever perpetrated the “attack” made the claim it came from Nat Friedman, CEO of GitHub.
In response, Friedman took to the YCombinator Hacker News site to deny a hack has taken place. He says neither his nor company data has been compromised. Friedman points out the leak does not cover all of GitHub’s source code but does include some from the Enterprise Server service.
If you are unfamiliar, this is a version of GitHub Enterprise that allows organizations to run the platform on-premises. While some source code from the service was in this leak, Friedman says it really leaked months ago through a company mistake.
He says GitHub employees “shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers.”
“In summary: everything is fine, situation normal, the lark is on the wing, the snail is on the thorn, and all’s right with the world,” Friedman adds.
Recent Vulnerability Disclosure
Earlier this week, Google Project Zero disclosed a vulnerability in GitHub after the company failed to issue a fix within a 90-day limit. According to the team, GitHub requested another 90-day extension for a bug found in the Actions features. The Project Zero team did not grant the extension and have now gone public with the vulnerability.
Actions was launched back in 2018. It gives developers tools to improve their projects. By leveraging Docker code containers, developers will be able to set a schedule of events.
