Fallout from LinkedIn breach seems to continue as GitHub admits some accounts were accessed by attacker
GitHub has admitted a number of user accounts have been compromised by an attacker who used previously published account credentials from previous breaches of other online services.
The attacker took these account credentials, such as email addresses and passwords, from other online data breaches and tried them on GitHub accounts.
GitHub said that the attacker had been able to log in to “a number” of GitHub accounts.
“We immediately began investigating,” said GitHub today, but added: “GitHub has not been hacked or compromised.”
GitHub has now reset passwords on all affected accounts, and is in the process of sending individual notifications to users who were affected.
“If your account was impacted, we are in the process of contacting you directly with information about how to reset your password and restore access to your account,” said GitHub.
“We encourage all users to practice good password hygiene and enable two-factor authentication to protect your account.”
In May it was revealed that 117 million LinkedIn account credentials were up for sale on the dark web. A hacker, known as “Peace,” contacted technology site Motherboard this to offer the details, which are up for sale for five Bitcoins (around £1,564) on dark web site The Real Deal.
Peace claims that that the data was stolen during a breach of LinkedIn back in 2012, in which around 6.5 million encrypted passwords were posted online. The compromised GitHub credentials may well be from the fallout of this breach.
Earlier in June, Facebook founder Mark Zuckerberg’s Twitter and Pinterest accounts were accessed by hackers who noticed that Zuckerberg used the same password across several different sites.