Yes, even coders make the mistake of reusing passwords


GitHub has issued a security advisory:

On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.

The end result is that for some accounts “other personal information including listings of accessible repositories and organizations may have been exposed.” Yuck.

GitHub has reset passwords for affected accounts and is reaching out to affected users.

It’s important to underline that GitHub itself didn’t suffer a breach. The passwords were probably gleaned from mega-breaches on other sites such as LinkedIn and Tumblr.

Repeat after me:

Thou shalt not make to thyself the same password on different websites, and thou shalt enable two-factor authentication pronto.

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts
No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.