GitHub code signing certificates compromised, to be revoked

BleepingComputer reports that GitHub had its encrypted code-signing certificates for its Atom and Desktop applications stolen following unauthorized access to certain development and release planning repositories. Threat actors leveraged a compromised Personal Access Token related to a machine account to clone Atom, Desktop, and other deprecated GitHub-owned organizations on Dec. 6, while compromised credentials were revoked the day after, according to GitHub, which noted the lack of evidence suggesting malicious use of the stolen certificates. GitHub services are also unaffected by the incident. Meanwhile, GitHub noted that it will be revoking two Digicert certificates with Jan. 4 and Feb. 1 expiration dates, as well as an Apple Developer ID certificate valid until 2027 by Feb. 2. "On January 4, 2023, we published a new version of the Desktop app. This version is signed with new certificates that were not exposed to the threat actor. We highly recommend updating Desktop and/or downgrading Atom before February 2 to avoid disruptions in your workflows," said GitHub.