Thursday, June 16, 2016

GitHub warns some accounts compromised after "reused password attack"


GitHub has said a number of accounts have been compromised after attackers were able to match usernames and passwords stolen from other online services.

The online code sharing and development platform said late Wednesday that it has "not been hacked or compromised."

That said, the company warned that usernames and passwords for affected accounts must have been involved. With that, other account data -- such as repositories and organizations -- may have also been exposed when attackers were able to log in.

"In order to protect your data we've reset passwords on all affected accounts. We are in the process of sending individual notifications to affected users," read a brief statement on its website.

It comes in the wake of a spate of "mega breaches," including MySpace, LinkedIn, and Tumblr, which all suffered at the hands of historical hacks, leaking millions of accounts. Since then, however, some other attacks proved otherwise, such as Dropbox and Twitter, because hackers took existing data and rehashed it to sell on.

Many thought other services had been breached, but were instead credentials from other services -- because all too often people reuse their passwords across different sites for simplicity.



from Latest Topic for ZDNet in... http://ift.tt/1rs0yAg

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.