Cybersecurity: GitHub warns that 'reused password' attack has been used to hack accounts
Popular code repository website GitHub is warning that some user accounts have been compromised by hackers using account details from other recent data breaches in order to guess user credentials from the site.
GitHub is used by around 14 million people to store software programs and coding projects, and the coding repository says that it noticed on Tuesday (14 June 2016) that hackers were making unauthorised attempts to access a large number of its accounts.
Essentially, the hackers were taking long lists of usernames, passwords and email addresses from other services that have been compromised recently and trying them on GitHub accounts until they found a match.
And in case you need reminding, a series of major data breaches affected the likes of business-networking site LinkedIn and social networks MySpace and Tumblr in May, exposing millions of user accounts, followed by Twitter, cloud-storage service Dropbox and Russian social network VK being compromised in June.
"For affected accounts, usernames and passwords are involved. Additionally, for some accounts, other personal information including listings of accessible repositories and organisations may have been exposed," GitHub wrote in a blog post on Thursday (16 June).
"In order to protect your data we've reset passwords on all affected accounts. We are in the process of sending individual notifications to affected users."
GitHub says that it was not hacked or compromised, however, if hackers were able to access users' accounts and see the contents of those accounts, this essentially amounts to the same thing.
The code repository is now warning all users to make sure they have good password practices in place – essentially, don't use the same password across multiple online services, don't use easy-to-guess passwords such as '123456', your name or Mark Zuckerberg's "dadada", and be sure to turn on two-factor authentication.
© Copyright IBTimes 2024. All rights reserved.