NewsGitHub Attacks Prompt Password Reset

GitHub Attacks Prompt Password Reset content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The popular code repository site GitHub is reporting a sudden surge in attempted account hijackings. In response, the website has reset compromised passwords and banned the use of common weak passwords.

“While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” GitHub explained in an advisory. “These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this. In addition, you will no longer be able to login to with commonly used weak passwords.”

Users with weak passwords or accounts that were targeted by hackers will need to select new passwords the next time they log in. GitHub also recommends that all users enable two-factor authentication.

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories