GitHub Rearranges Some User Passwords after Brute-Force Attack

On 14th June, someone made a huge number of login attempts to repository service of GitHub by using e-mail addresses and passwords, which seems to have been collected by breaching other online services. Shawn Davenport, VP of Security in GitHub, posted a blog stating that administrators of GitHub reviewed the logins and found that the attacker gained entry to several accounts.

The code-hosting platform claiming to have millions of users across the world, disclosed a series of "unauthorized attempts" to log into several accounts on GitHub.com on Tuesday evening. Shawn Davenport, Vice President of Security in GitHub, posted a blog explaining that, it seems that this is the result of an attacker who used a list of passwords and email addresses that have been obtained from other compromised online services in the past, and now trying those on the GitHub accounts.

It is said that the company had warned about the involvement of usernames and passwords of affected accounts. Zdnet.com posted on June 16th, 2016, stating that other account data like as organisations and repositories might have also been exposed when attackers could log in.

The list of affected large sites which suffered from exposed login credentials of users is long, and it is growing also. Past breaches against likes of Adobe and Linkedln particularly make it insignificant to break into the accounts of anyone stupid enough to reuse credentials to login from a breached site at a different place.

GitHub is not an alien for security flaps. For example, hackers sponsored by state in China are extensively blamed last year for the attack on site; apparently linked to hosting of the code, which circumvented the Great Firewall web censorship mechanisms of the country.

Some of the companies which suffered huge leaks of data include Myspace (360 million credentials), Linkedln (117 million credentials), VK (100 million credentials), Tumblr (65 million credentials), Fling.com (40 million credentials) and lately VerticalScope (45 million credentials) and iMesh (51 million credentials).

Moreover, more than 32.8 million plaintext credentials of Twitter are also exposed; however this happened due to the installation of malware on users' PC, and not because of an invasion in servers of Twitter.

» SPAMfighter News - 6/23/2016