Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages
Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages
github.com
Pull requests · microsoft/WSL
11 comments
-
-
Thank you for your contribution to WSL.
No fatal errors have been found.
No suggestions have been found.
-
based
-
How can such thing happen? Was an account hacked that had the permissions?
-
Most likely someone submitted a pull request that abused the GitHub token of the Action running on new PRs in order to edit all the other pull requests.
-
It could also be an inside job. Anti-genocide resistance within Microsoft is quite strong and active.
-
-
based
11 comments
Hacked pipeline? These are just pull requests anyone can submit them.
They are authentic commits and PRs by real contributors that have been edited and renamed with the PR description changed.
Oh that is mildly interesting, my mistake. So the actual commits didn't change but the pull requests are made to look like they are something else.
If you watch the PRs history, you can see that the user
github-actionsedited them. This user is the default one when a GitHub Action (the pipeline OP refers to) alters the repo. So someone probably submitted a pull request abusing the GitHub token when the Action ran on their PR.