GitHub Users Join The June Passwords-Hacked Squad

GitHub Users Join The June Passwords-Hacked Squad

password log in

A penguin could pick a better password than people can

OH GITHUB USERS, you have caught the hacked account bug because of your use of dirty pre-used passwords, and now your personal details could have been plundered.

You exposed horde, you blighted legions, you are part of a not-very-exclusive club of people who have been exposed because passwords are often as bad as the protective measures put around them.

In this most recent case, and we have reported on similar incidents at, LinkedIn and Myspace recently, it is GitHub users who have been gutted via speculative hacks that use pre-established passwords as potential access points.

GitHub has blogged about this, explaining that, while users must change their passwords, the site and the business remain secure.

“On Tuesday evening PST we became aware of unauthorised attempts to access a large number of accounts,” the company said.

“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts.

“We immediately began investigating, and found that the attacker had been able to log-in to a number of GitHub accounts. GitHub has not been hacked or compromised.

“In order to protect your data we’ve reset passwords on all affected accounts. We are in the process of sending individual notifications to affected users.”

So far so good, as far as responses go. GitHub moved fast here and does not seem to be much at fault, if at all. The suggestion is that an effort is needed at the user end.

“If your account was affected, we are in the process of contacting you directly with information about how to reset your password and restore access to your account,” added the blog post.

“We encourage all users to practise good password hygiene and enable two-factor authentication to protect your account. These attacks often evolve, and we’re continuing to investigate and monitor for new attack vectors.” µ

Threat Intel

via News ≈ Packet Storm

June 17, 2016 at 08:18AM