![\"\"](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/github-status-data-1-1024x641.png\")
<\/figure><\/div>\n\n\nOur selfish goal is pretty obvious – this article is the best answer to the question “why backup GitHub data” and we believe it will close this discussion once and for all. <\/p>\n\n\n\n
Check out our review of 2022 threats and failures related to GitHub. <\/p>\n\n\n\n
December 2022 Right before Christmas, Okta, a leading provider of authentication and Identity and Access Management (IAM) solutions, admitted that its private GitHub repositories<\/a> were hacked. The security incident involved threat actors stealing Okta’s source code. Luckily, despite stealing the code, attackers did not gain unauthorized access to the Okta service or customer data, confirmed the company. <\/p>\n\n\n\n Oops, it happened again. September this year, Okta subsidiary AuthO, has disclosed a “security event”. Multiple code repository archives from 2020 and earlier were obtained by unknown means from its environment. But, Okta’s problems began long before – in January and continued for months. It’s been a difficult year for the Okta security team and it looks like the Christmas break wasn\u2019t so merry after all.<\/p>\n\n\n\n Bleeping Computer<\/a> | Bleeping Computer<\/a><\/p>\n\n\n\n Legit Security discovered and revealed a new software supply chain vulnerability class in GitHub Actions and Rust. It enabled artifact poisoning to attack the underlying software development pipelines by replacing a legitimate artifact\u2019s content with a malicious payload. Once in place, this infected data could have been used to perform attacks using Rust and GitHub Actions. It enabled any users to execute code in a privileged pipeline. So, a hacker could extract repo secrets and credentials, modify settings, or tamper with the source code with GitHub API use in the worst scenario. This attack highlighted the risk that insecure software pipelines pose. It also showed that this problem likely affects a huge number of open-source projects as its maintainers usually run tests on contributed code before analyzing it by themselves. <\/p>\n\n\n\n The News Stack<\/a> | Dark Reading<\/a><\/p>\n\n\n\n November 2022 It all started with phishing and human error\u2026 Dropbox disclosed a security breach after threat actors stole 130 code repositories using git credentials theft trick and stole employee credentials in a phishing attack – by faking a CircleCI email, login screen, and including a malicious link. The code accessed by this threat actor contained some credentials and API keys used by Dropbox developers along with a few thousand names and email addresses belonging to employees. Dropbox claims these code repositories were not connected to their core applications, instead that this repo contained modified third-party libraries, internal prototypes, and other internal tools. We will probably never know how much this data was worth to the company and how much the incident cost them after all.<\/p>\n\n\n\n We highly recommend a thorough analysis of our GitGuardian colleagues’ article on the Dropbox breach<\/a>.<\/p>\n\n\n\n Bleeping Computer<\/a><\/p>\n\n\n\n GitHub Copilot \u2013 a programming auto-suggestion tool trained from public source code on the internet \u2013 has been caught generating what appears to be copyrighted code. On the 3rd of November, GitHub, Microsoft, and OpenAI have been hit with a class-action lawsuit concerning alleged open-source license copyright violations arising from the use of GitHub Copilot. The plaintiffs, led by programmer and lawyer Matthew Butterick, allege that Copilot reproduces their copyrighted code without attribution or notifying users of license requirements. The 56-page suit claims Copilot \u201cviolates the licenses that open-source programmers chose and monetizes their code despite GitHub\u2019s pledge never to do so.\u201d<\/p>\n\n\n\n The situation is still developing\u2026 To be continued\u2026 <\/p>\n\n\n\n Data Center Knowledge<\/a> | TechTarget<\/a> <\/p>\n\n\n\n October Checkmarx Supply Chain Security team found a \u201chigh-severity\u201d vulnerability in GitHub that could allow an attacker to take control over a GitHub repo, and potentially infect all apps and other code with a malicious payload. Vulnerable to this flaw were all renamed usernames on GitHub, including over 10K packages on the Go, Swift, and Packagist package managers. As a result, thousands of packages could have been hijacked and served malicious code to millions of GitHub users. RepoJacking is a technique to hijack renamed repository URLs traffic and directing it to the attacker\u2019s repo by exploiting a logical flaw that breaks the original redirect. A GitHub repository becomes vulnerable when its owner decided to rename his username while the old username is available for registration. Luckily, the vulnerability was fixed by GitHub after unveiling it by the Checkmarx team. <\/p>\n\n\n\n Checkmarx<\/a><\/p>\n\n\n\n On October 7th, Toyota revealed they had accidentally exposed a credential allowing access to customer data in a public GitHub repo for\u2026 almost 5 years (!). Scale? Exposed data included identification numbers and emails of over 290,000 customers. Luckily, credit card data, phone numbers, or any GitHub user account credentials were not stored in this database. As of now, there is no sign that this breach would allow bad actors to do more than just harvest emails and the associated customer management numbers. Toyota has not been able to confirm any abuse or attacks have occurred using harvested data.<\/p>\n\n\n\n GitGuardian<\/a> | Digital Journal <\/a><\/p>\n\n\n\n September Human error – again. The Department of Veterans Affairs was conducting a cyber breach investigation after one of the contractors allegedly copied source code from a VA-managed GitHub account and published it on their own personal GitHub account and then switched to public mode. The exposed information included hard-coded admin account privileges, encrypted key tokens, and specific database table information. Moreover, this data is said to have been cloned by at least six unrelated IP addresses. On the other hand, according to VA spokesperson, the data was not administrative credentials and did not present a risk to VA or Veteran data. <\/p>\n\n\n\n FedScoop<\/a><\/p>\n\n\n\n Security researchers at Legit Security identified vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel that could have been abused to compromise those open-source projects through their GitHub CI\/CD pipeline and insert malicious code. This exploitation technique named “GitHub Environment Injection” enables the exploitation platform’s automated integration and injecting a malicious payload into a GitHub environment variable called GITHUB_ENV. This way a compromised or rogue developer could have used it to alter the source code for Apache Camel or Firebase and conduct a supply-chain attack on this code users. As a result, this malicious code could have ended up being widely deployed. <\/p>\n\n\n\n The Register<\/a><\/p>\n\n\n\n On September 16, GitHub Security warned their users against a phishing campaign impersonating CircleCI to steal user credentials and two-factor codes. Threat actors made a fake GitHub login phishing site to steal any credentials entered – including 2FA codes (except those with hardware security keys). Then it was possible to instantly create GitHub Personal Access Tokens (PATs), authorize OAuth applications, and add SSH keys to the account to preserve access just in case the user changes their password. Threat actors could also download private repository content, including the one owned by organizations and collaborators (and then wipe it out, leak it, sell it, or blackmail the organization). They could also create new GitHub user accounts (if a compromised one had management permissions) and add them to an organization for future reference.<\/p>\n\n\n\n The list of recommendations to protect the account from GitHub included a password and 2FA codes reset and a review of PATs. GitHub recommended user hardware security keys, WebAuthn 2FA, or a browser-integrated password manager with an auto-fill option. A good security practice is also to have a GitHub backup<\/a> to ensure data recovery and business continuity in the event of code wipe-out, deletion, and ransomware practices. <\/p>\n\n\n\n Gi<\/a>tHub<\/a><\/p>\n\n\n\n Eliminate data loss risk and ensure business continuity with <\/strong>
GitHub status info:<\/strong> 6 incidents <\/p>\n\n\n\nOkta’s source code stolen after a hack on GitHub repositories<\/h2>\n\n\n\n
GitHub Actions vulnerable to Rust artifact poisoning possible<\/h2>\n\n\n\n
GitHub status info:<\/strong> 19 incidents <\/p>\n\n\n\nDropbox breach – hackers steal 130 GitHub repositories <\/h2>\n\n\n\n
GitHub Copilot hit with a code copyright lawsuit <\/h2>\n\n\n\n
GitHub status info:<\/strong> 17 incidents <\/p>\n\n\n\nCheckmarx \u201cRepoJacking\u201d report: how to attack the software supply chain with a simple rename<\/h2>\n\n\n\n
Toyota data breach involving source code hosted on GitHub<\/h2>\n\n\n\n
GitHub status info:<\/strong> 15 incidents <\/p>\n\n\n\nThe Department of Veterans Affairs investigates breach after federal contractor publishes source code<\/h2>\n\n\n\n
Merge requests and GitHub workflows may lead to supply-chain attacks<\/h2>\n\n\n\n
CircleCI & GitHub phishing scam – be warned<\/h2>\n\n\n\n
\n\n\n\n
the first TRUE Disaster Recovery software for GitHub<\/strong>. <\/p>\n\n\n\n