GitHub has admitted a number of user accounts have been compromised by an attacker who used previously published account credentials from previous breaches of other online services.
The attacker took these account credentials, such as email addresses and passwords, from other online data breaches and tried them on GitHub accounts.
GitHub said that the attacker had been able to log in to “a number” of GitHub accounts.
“We immediately began investigating,” said GitHub today, but added: “GitHub has not been hacked or compromised.”
GitHub has now reset passwords on all affected accounts, and is in the process of sending individual notifications to users who were affected.
“We encourage all users to practice good password hygiene and enable two-factor authentication to protect your account.”
In May it was revealed that 117 million LinkedIn account credentials were up for sale on the dark web. A hacker, known as “Peace,” contacted technology site Motherboard this to offer the details, which are up for sale for five Bitcoins (around £1,564) on dark web site The Real Deal.
Peace claims that that the data was stolen during a breach of LinkedIn back in 2012, in which around 6.5 million encrypted passwords were posted online. The compromised GitHub credentials may well be from the fallout of this breach.
Earlier in June, Facebook founder Mark Zuckerberg’s Twitter and Pinterest accounts were accessed by hackers who noticed that Zuckerberg used the same password across several different sites.
European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…
Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…
Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…