New Year's Security Incident (GitHub Discussion #9525)
Published on January 29, 2025 by Tomer Nosrati

Hello,

I am writing to inform our community about a recent security breach within the Celery Organization. Our security team detected unauthorized activity over the New Year period, prompting an investigation with GitHub Support. The findings, backed by clear audit logs from GitHub, revealed that an Owner account violated our security policies, and that this account was already partially restricted due to previously violating GitHub's Terms of Service.

The consequences of this breach were:
  • Operational Disruption: The restrictions on this account have completely halted our ability to manage and maintain the organization effectively.
  • Hidden Content: All pull requests from this account, both historical and new, are now inaccessible, potentially indefinitely.
  • Integrity Risk: Contributions merged by this account bypass our CI checks. This lack of both automated and manual oversight allowed unchecked code modifications to be incorporated into our codebase.
  • Activity Halt: Organizational activity was nearly at a standstill, significantly delaying our release cycle.

Following GitHub's instructions, we had no option but to address the issue by removing the account from the organization and reversing the unauthorized changes. We are committed to working with contributors to ensure no legitimate contributions are lost during this process.

We thank GitHub for their support and cooperation in resolving this issue.
Normal activities should resume shortly.