Breach, Threat Management, Data Security, Threat Management

Stolen credentials used to breach GitHub accounts

GitHub reported on June 14 an attacker launched a campaign to access several accounts using stolen login credentials.

The attacker was able to log in to a number of accounts and usernames, passwords and potentially personal information including listings of accessible repositories and organizations may have been compromised, according to a June 15 blog post.

GitHub reset the passwords on all the affected accounts and is currently in the process of notifying individual users, the post said. The company encouraged users to adopt good password hygiene and to enable two-factor authentication to ensure their accounts are protected.

It is unclear where stolen credentials came from however, recent breaches including those of Myspace, Tumblr, LinkedIn, and other high profile breaches total more than 640 million compromised accounts that may have potentially been used. GitHub is still investigating the attack and is monitoring for new attack vectors. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.