Yes, even coders make the mistake of reusing passwords

GitHub has issued a security advisory:

"On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts."

The end result is that for some accounts "other personal information including listings of accessible repositories and organizations may have been exposed." Yuck.

GitHub has reset passwords for affected accounts and is reaching out to affected users.

It's important to underline that GitHub itself didn't suffer a breach. The passwords were probably gleaned from mega-breaches on other sites such as LinkedIn and Tumblr.

Repeat after me:

Thou shalt not make to thyself the same password on different websites, and thou shalt enable two-factor authentication pronto.
