1 min read

Code-Signing Certificates Stolen in GitHub Breach


January 31, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Code-Signing Certificates Stolen in GitHub Breach

GitHub, the popular software development and version control hosting platform, recently disclosed a security incident involving stolen code-signing certificates.

Unknown threat actors acquired three encrypted certificates: two Digicert certificates used to sign Windows apps and another Apple Developer ID certificate.

Although the certificates don’t jeopardize any installed versions of GitHub Desktop for Mac and Atom, GitHub warns that decrypting them could let criminals sign unofficial applications and pass them off as legitimate ones.

“On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account,” reads GitHub’s announcement. “Once detected on December 7, 2022, our team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems. None of the affected repositories contained customer data.”

The breach impacted several versions of the popular GitHub Desktop for Mac and Atom apps. Fortunately, GitHub Desktop for Windows users weren’t affected.

In response, GitHub revoked certificates for the following versions of GitHub for Mac:

  • 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, and 3.1.2

The company also invalidated versions 1.63.0 and 1.63.1 of Atom. The above versions of GitHub for Mac and Atom are expected to stop working as of February 2. Users will need to downgrade to a previous Atom to keep using the service.

“On Thursday, February 2, 2023, we will revoke the Mac & Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1,” GitHub says. “Once revoked, all versions signed with these certificates will no longer function.”

The company recommends users update and/or downgrade affected clients before February 2 to avoid workflow disruptions.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like