The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security. From a report: It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team’s own admission, poor security meant that the password was easy to guess. As the Register points out, “only luck limited the damage,” but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident. In an entry on the Gentoo Linux wiki, there is a fairly detailed breakdown of what happened, how it happened, and what is being done to prevent it from happening again. The wiki entry summarizes the hack attack as follows: “An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support and the Gentoo Organization was frozen by GitHub staff. Gentoo has regained control of the Gentoo GitHub Organization and has reverted the bad commits and defaced content.”

Read more of this story at Slashdot.

Source: Slashdot – Gentoo Linux Github Organization Repo Hack Was Down To a Series of Security Mistakes