Stolen credentials used to breach GitHub accounts
GitHub is warning its users of a campaign that used stolen credentials to breach a number of user accounts.
GitHub reported on June 14 an attacker launched a campaign to access several GitHub.com accounts using stolen login credentials.
The attacker was able to log in to a number of accounts and usernames, passwords and potentially personal information including listings of accessible repositories and organizations may have been compromised, according to a June 15 blog post.
GitHub reset the passwords on all the affected accounts and is currently in the process of notifying individual users, the post said. The company encouraged users to adopt good password hygiene and to enable two-factor authentication to ensure their accounts are protected.
It is unclear where stolen credentials came from however, recent breaches including those of Myspace, Tumblr, LinkedIn, and other high profile breaches total more than 640 million compromised accounts that may have potentially been used. GitHub is still investigating the attack and is monitoring for new attack vectors.