GitHub Desktop and Atom were the target of a hаcker on December 7, 2022, who stole code signing certificates.



GitHub investigated the incident and found no threat to their services. However, to prevent any interruptions, users are advised to downgrade Atom and update Desktop before February 2. Code signing certificates were stolen but were protected by passwords and encryption, so there is no indication that they were used maliciously.

The affected repositories did not contain any customer data. Users must download a previous version of Atom to continue using it after February 2. The GitHub team quickly revoked the compromised credentials and urges users to take necessary measures to avoid disruptions.

In contrast to shithub, THESE developers immediately took action after their tokens were stolen and ceased their use. Shithub, on the other hand, may have a breeding ground of Trojans and zombie bots for future attacks due to their lack of awareness and knowledge.

Some developers are unaware of the existence of these repositories on Github and do not know how to find them. In contrast, other competent developers do not rely on shithabs and have been successful in their careers. They have been able to avoid potentially risky situations by being knowledgeable about best practices.

The fact that an attacker was able to steal sensitive certificates, albeit password-protected and encrypted, is a clear indication of the company's failure to prioritize security. The fact that users must take drastic measures, such as downgrading Atom and updating Desktop, to avoid disruptions is a testament to GitHub's ineptitude. The company's assurances that their services were not compromised ring hollow, and users would be wise to question the security of their code.