The GitHub Desktop for Mac and Atom programs, GitHub confirmed that threat actors exfiltrated encrypted code signing certificates.
Customer data was not affected, the company claimed, because it was not kept in the affected repositories.
According to the business, there is no proof that the threat actor was able to use or decrypt these certificates.
According to the business, neither GitHub.com nor any of its other services have been affected by the security compromise.
Source: https://securityaffairs.com/141617/data-breach/github-security-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/github
"id": "git205981023",
"linkid": "github",
"type": "Data Leak",
"date": "01/2023",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 'None',
'industry': 'Software Development',
'name': 'GitHub',
'type': 'Company'}],
'attack_vector': 'Exfiltration of Code Signing Certificates',
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Code Signing Certificates']},
'description': 'The GitHub Desktop for Mac and Atom programs, GitHub '
'confirmed that threat actors exfiltrated encrypted code '
'signing certificates. Customer data was not affected, the '
'company claimed, because it was not kept in the affected '
'repositories. According to the business, there is no proof '
'that the threat actor was able to use or decrypt these '
'certificates. According to the business, neither GitHub.com '
'nor any of its other services have been affected by the '
'security compromise.',
'impact': {'systems_affected': ['GitHub Desktop for Mac', 'Atom']},
'title': 'GitHub Desktop for Mac and Atom Code Signing Certificates '
'Exfiltration',
'type': 'Data Exfiltration'}