Stolen Logins Showing Up Everywhere
It appears that an unknown group of hackers has attacked GitHub’s repository service. On June 14, someone armed with an enormous list of emails and passwords made repeated login attempts. According to GitHub’s administrators the login credentials came from data breaches from other online sources. After review it was clear that whoever was behind the attack had accessed a number of accounts.
With the sheer number of data breaches that involve old passwords seemingly coming in daily from places like LinkedIn, Tumblr, and MySpace, no one is sure where the email addresses and passwords originated. With over 640 million account credentials having been stolen, it’s difficult to track down their source and not at all unlikely some GitHub users are still using old passwords.
According to GitHub, no data was lost in the attack, but listings for accessible repositories and some personal information may have been exposed. Additionally, they have reset the passwords on all the affected accounts and are urging their user to enable two-factor authentication.