{"UUID":"cd8e3b5f-7b97-4af5-8986-28e2bf663805","URL":"https://wiki.gentoo.org/wiki/Github/2018-06-28","ArchiveURL":"","Title":"Gentoo GitHub Organization compromise of June 2018","StartTime":"2018-06-28T20:19:00Z","EndTime":"2018-07-03T11:46:00Z","Categories":["automation","security"],"Keywords":["github","gentoo","security","account compromise","password reuse","data integrity","force push","repository"],"Company":"Gentoo","Product":"GitHub Organization","SourcePublishedAt":"0001-01-01T00:00:00Z","SourceFetchedAt":"2026-05-04T17:53:30.243226Z","Summary":"An entity gained access to the Gentoo GitHub organization, removed access to all developers and started adding commits in various repositories.","Description":"On June 28, 2018, an unknown entity gained administrative control of the Gentoo GitHub Organization. The attacker immediately removed all access for Gentoo developers and proceeded to make malicious changes to several repositories. The incident lasted until July 3, 2018, when GitHub unlocked the organization after remediation efforts.\n\nThe root cause was identified as the compromise of an organization administrator's password. Evidence suggested a password reuse scheme, where a password disclosed on one site made it easy to guess the password for the GitHub account.\n\nThe compromise resulted in approximately five days of unavailability for Gentoo's GitHub operations. Pull request CI was down, and all past pull requests were disconnected and closed, requiring users to open new ones. Malicious content, including \"rm -rf\" commands, was briefly available in repositories like gentoo/gentoo, gentoo/musl, and gentoo/systemd, though technical guards likely prevented execution by end-users.\n\nGentoo developers and infrastructure staff escalated the issue to GitHub support, leading to the organization being frozen. Gentoo regained control, reverted the malicious commits through force-pushes, and restored the defaced content. Post-incident actions included implementing 2FA requirements, reviewing password policies, and improving backup procedures for GitHub settings."}