On July 6th of 2019, Canonical's GitHub was compromised, but don't worry, the world's not coming to an end. Our repositories are not fully pwned and we're not installing spyware with our updates. Don't worry. It's bad, but it's not that bad. It's bad in effect that we suspect that this was just a credential compromise and that they probably didn't have 2FA turned on. That's my suspicion until we get a full debrief of this.
But the important part to remember now is that this is their official statement on it that they did confirm. They've acknowledged a breach, they acknowledged it was GitHub, but the important part is that, furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub. So they keep mirrors of things. GitHub is one of those mirrors. They have their internal distribution platform, Launchpad, and this is where the source code is and this is where they compile, and they're saying that was not compromised. And that's an important aspect of this because that would mean that the source code and the compiling of that source code that then gets delivered for updates for Ubuntu-based distributions could have been compromised. And it sounds like none of that happened. This disconnect is a hugely important factor in here. And it could be why they were lax on the security for this. If that's true, I'm speculating that they didn't have 2FA turned on. It could be because they thought, well, it's not as big of a deal. But then again, it kind of is a big deal that you maintain operational excellence even on accounts that, well, are disconnected and may matter less to you in terms of priorities. But still, it's an inconvenience, but two-factor should be on for everything. And like I said, my speculation is that it wasn't turned on for this account, or they didn't have a good password for this particular account, or maybe they had an insider person who decided to do this.
I'm hoping for a full debrief and that they maintain transparency over this issue because, well, it's still concerning. What did they do when they got in? Well, that's less exciting at all. They created a bunch of empty repos called can underscore GOT underscore HAXXD 10987654321. So nothing real exciting. This is a web archive from the Wayback Machine of what the account looked like very briefly. They were very quick to respond and fix it and they removed this compromised account right from their GitHub. So it doesn't look like much happened. There's not a whole lot more to talk about in this tech but I just wanna make sure people understand and have a link to the official statement from them. Your updates are fine. They did not slip something in. The compiling service and the GitHub service are two separate things. So that's my thoughts on this. I'm not worried about it. I'm still going to apt-get update. There's some further discussion of people talking about it. This is the article I originally linked to and tweeted out yesterday when I found that this happened. So there is some discussion going back and forth on what happened here. Nothing, lots more speculating and that's about it. There's not too much of a problem going on. So it's just a minor concern in terms of the updates and things like that. I still want a full debrief on there but it's not enough that I'm saying, oh no, don't update until they've audited all this, because it doesn't sound like anything that bad happened here. So it's not too bad but not too good because it did happen at all. So that's kind of my thoughts on this. But it is a security wake-up for them. So the fact that they're on the news, they don't want to be in the news for things like this. So I have a feeling that they're going to tell us what they're going to do in the future and that future probably means they're going to audit all the accounts, they're going to go for two-factor and nobody likes your holiday weekend disrupted.
Well, for the US holiday here for 4th of July, imagine at least a few of them are here in the US. No one really likes on a weekend having to hurry up and delete some accounts. So I'm looking forward to a full debrief and I'll cover that if there's something interesting to cover.