Brute-force attack against GitHub affects users with weak passwords

GitHub users may have had their accounts compromised in a brute-force attack that mostly impacted individuals with weak passwords, according to a Tuesday blog post by Shawn Davenport, GitHub director of security.

Affected individuals have had their passwords reset. Additionally, their personal access tokens, OAuth authorizations and SSH keys have been revoked.

Davenport wrote that users with strong passwords may have been compromised, and he is encouraging people to review their accounts and enable two-factor authentication.

“While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” Davenport wrote. According to reports, the attackers were said to reside in locations including China and Indonesia.
