Gentoo has laid out the cause and impact[1] of an attack that saw the Linux distribution locked out of its GitHub organisation.

The attack took place[2] on June 28, and saw Gentoo unable to use GitHub for approximately five days.

Due to a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble.

"The attacker gained access to a password of an organisation administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated web pages," the incident report said.

Gentoo now has a requirement for two-factor authentication to join its GitHub organisation.

Gentoo said it was lucky that the attack was loud once the attacker gained access: removing all other developers caused them to be emailed, whereas a quieter attacker could have lurked for longer. The report added that by force pushing commits that attempted to remove all files, the attacker made "downstream consumption more conspicuous".

The report said Gentoo maintains its own infrastructure, and only uses GitHub to be closer to contributors.

"We do not believe the private keys of the account impacted were at risk, and so the Gentoo-hosted infrastructure was not impacted by this incident," the report said.

According to logs, a number of GitHub accounts were probing for nearly 20 days in the lead-up to the attack.
