SourceForge, one of the largest places online that houses open source project files, community and more, was recently attacked starting last Wednesday:
The general course of the attack was pretty standard. There was a root privilege escalation on one of our platforms which permitted exposure of credentials that were then used to access machines with externally-facing SSH. Our network partitioning prevented escalation to other zones of our network.
They’ve documented the experience as well as their steps of resolving the issue and preventing it from happening again. It’s well worth a read for those that are may have to deal with things like this in the future (or for those that have had to deal with in the past).