On Saturday, July 6, 2019, the GitHub account of Canonical Ltd, the distributor of Ubuntu Linux, was hacked. Canonical confirmed that there is no indication of data alteration or deletion, though it is still investigating. Despite numerous previous attacks, GitHub and its user accounts remain vulnerable. This blog discusses the recent Canonical incident, previous GitHub incidents, and how one company is responding to the shifting security landscape by using blockchain to protect against the fallout of a security breach.


What Happened

Over the Fourth of July weekend, a hacker gained access to Canonical’s GitHub account. Making no attempt to hide, they created 10 repos in Canonical’s account with the naming convention CAN_GOT_HAXXD_#, as seen below:


[Image: GitHub Attack - Canonical Repo]


Ubuntu Security immediately launched an investigation to determine the full extent of the breach and removed the compromised account. They also disconnected the Launchpad infrastructure, where the Ubuntu distribution is built and maintained, from their organization and are implementing remediations as necessary.


Ubuntu Security confirmed in a statement that there was no indication any source code or PII (Personally Identifiable Information) was impacted.

[Image: Ubuntu Security Tweet - Canonical Hack]


At the end of their investigation, the security team will publish a publicly available update of the Linux distribution.


The Regular Occurrence of GitHub Attacks

Attacks have become a regular occurrence for GitHub. Perhaps this most recent attack was actually a white hat test in response to the regular attacks, though this remains to be seen.


That said, last month, the official Ubuntu forum was hacked and approximately 2 million usernames and passwords were stolen. Then in May 2019, hackers were breaking into private code repos on GitHub, copying their data locally, deleting the data on the repo, and ransoming the copies to the project owners. And in June 2018, the Gentoo Linux distributor was hacked by an attacker who gained access due to a weak password and was able to maliciously inject a backdoor into some GitHub downloads for a specific OS version.


Maintaining operational excellence is a big deal. In the security industry, the understanding of account compromise has shifted from a hope that it doesn’t happen to an understanding that it does happen, and to everyone. As such, trust has shifted from an implicit assumption to a process of explicit verification.


Protecting File Integrity from the Effects of Compromise

Everything can be hacked, so protection is key. Here is what one company, Virtuozzo, is doing to protect against hacks like the GitHub example. Virtuozzo, a hyper-converged infrastructure software vendor, is using Codenotary (see the next section for more information about Codenotary) to incorporate the powerful security mechanisms of blockchain into their offerings. This way, no matter what security leak might be exploited, the source code is immutable and protected due to the blockchain-based service.


The way it works is that each file stored by Virtuozzo has its fingerprint (aka its hash) taken and then stored immutably on Codenotary’s blockchain. From that point on, every file can be verified as 100% authentic and untampered at any point in time, from anywhere in the world. By doing so, Virtuozzo gives its customers peace of mind anytime they open and use any Virtuozzo stored file, as it is protected by the immutable Codenotary blockchain.
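The fingerprint-then-verify flow described above, as an added example that is not Codenotary's or Virtuozzo's code: a local hash-chained list stands in for the blockchain, and the function names, status strings and sample files are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first entry

def fingerprint(data: bytes) -> str:
    """SHA-256 digest of the file content, hex encoded."""
    return hashlib.sha256(data).hexdigest()

def entry_hash(prev: str, name: str, digest: str) -> str:
    # Each entry commits to the one before it, so rewriting history breaks the chain.
    record = json.dumps({"prev": prev, "name": name, "digest": digest}, sort_keys=True)
    return hashlib.sha256(record.encode()).hexdigest()

def notarize(ledger: list, name: str, data: bytes) -> dict:
    """Append the file's fingerprint to the ledger and return the new entry."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    digest = fingerprint(data)
    entry = {"prev": prev, "name": name, "digest": digest,
             "hash": entry_hash(prev, name, digest)}
    ledger.append(entry)
    return entry

def ledger_intact(ledger: list) -> bool:
    """Recompute every link; False if any recorded entry was altered."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["name"], e["digest"]):
            return False
        prev = e["hash"]
    return True

def verify(ledger: list, name: str, data: bytes) -> str:
    """Compare a file against its most recent recorded fingerprint."""
    if not ledger_intact(ledger):
        return "LEDGER_TAMPERED"
    recorded = [e["digest"] for e in ledger if e["name"] == name]
    if not recorded:
        return "UNKNOWN"
    return "TRUSTED" if recorded[-1] == fingerprint(data) else "MISMATCH"

# Constructed sample data: a script as notarized, and a copy changed afterwards.
ORIGINAL = b"#!/bin/sh\nmake install\n"
MODIFIED = ORIGINAL + b"echo injected\n"
LEDGER = []
notarize(LEDGER, "install.sh", ORIGINAL)
notarize(LEDGER, "README", b"docs\n")
```

The check detects changes made to a file after its fingerprint was recorded; a file notarized by an already compromised account would still verify, so who is allowed to notarize matters as much as the ledger itself.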


About Codenotary

Codenotary brings trust and integrity to DevOps and the software industry. It allows development teams to strongly identify and track their digital assets and artifacts, such as libraries, builds, source code, containers, and dependencies throughout the DevOps process. This way organizations can always guarantee the veracity and integrity of their digital assets to themselves as a team and to others outside the team. By using digital ledger technology, it creates an immutable chain of trust which for the first time enables zero trust to be infused into application development and operation.


Test out Codenotary for free and see for yourself.


