Panic's Source Code Stolen

Panic, the makers of well-respected Mac apps like Coda and Firewatch, have recently been part of a malware attack caused by an infected version of Handbrake. The attack caused one of the Panic founder's personal computer to be compromised, giving the attackers access to valuable source code from their apps.

Quote from their blog post addressing the attack:

Someone has a bunch of our source code. But does it really matter?

There are essentially three “worst case” scenarios we considered with our source being out there in somebody’s hands:

They build free, cracked version of our apps.
Guess what — those already exist. You can already pirate our software if you want to pirate our software — but please don’t — so this doesn’t really change anything in that regard. Also, whatever “free” version of our apps that would come from this person are virtually guaranteed to be infected with malware.

They create malware-infected builds of our apps.
This seems likely. Given the person’s entire MO was to infect a well-used Mac app with malware, it seems inevitable. But we will find them, and working directly with Apple, shut them down. To minimize your risk, never download a copy of one our apps from a source that is not us or the Mac App Store. We are going to be hyper-vigilant about the authenticity of downloads on our servers.
A competitor obtains this source to attempt to use it to their advantage in some way.

The many Mac developers we’ve met over the years are fine, upstanding people. I can’t imagine any of them being this unethical, or even being willing to take the risk of us finding fingerprints of our code in theirs. And let’s not forget that — you guessed it — there’s a good chance any stolen source could have malware slipped into it.

Also, one important thought gave us some comfort:
With every day that passes, that stolen source code is more and more out-of-date.