The GitHub Account of Gentoo Linux was hacked and malicious code were embedded with ebuild repository that delete’s all the user files.Gentoo is a free operating system with Precompiled binaries. It is an ideal secure server for development workstation, professional desktop and also suitable for gaming.
The incident took place on 28 June but Gentoo regained control after few hours.
According to the company statement, “Gentoo code hosted on GitHub should for the moment be considered compromised.”
Gentoo said the hack didn’t affect the code hosted on the Gentoo infrastructure and the code hosted in the Github is only the mirror. ”You are fine as long as you are using rsync or webrsync from gentoo.org.”
You can find more from the Gentoo site itself…
Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. More see link.
Gentoo developer Francisco Blas Izquierdo Riera said the attacker “replaced the portage
and musl-dev trees with malicious versions of the ebuilds that replaces the user’s code.”
Here is the good news, the code doesn’t work as it intended to do. Gentoo-mirror repositories including the metadata hosted under a different account are not affected.
Gentoo asked users to verify the integrity of the signatures when using git.