In an email interview, PHP maintainer Nikita Popov told us: "The first commit was found a couple hours after it was made, as part of routine post-commit code review.

Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language, potentially putting websites using the tainted code at risk of ...

PHP.net hacked, code backdoored The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.