FeedSource: [ArsTechnica] collected from rss-bot logs
Time: 2016-06-17 03:04:18 UTC
Original URL: http://arstechnica.com/security/2016/06/github-attacker-launched-massive-login-campaign-using-stolen-passwords/ [arstechnica.com]
Title: GitHub attacker launched massive login campaign using stolen passwords
Arthur T Knackerbracket has found the following story [arstechnica.com]:
On June 14, someone using what appears to have been a list of e-mail addresses and passwords obtained from the breach of "other online services" made a massive number of login attempts to GitHub's repository service. A review of logins by GitHub's administrators found that the attacker had gained access to a number of accounts, according to a blog post by Shawn Davenport, vice president of security at GitHub. [github.com]
MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn.
Davenport said that the passwords of the accounts accessed successfully by the attacker have all been reset. GitHub has begun contacting each affected user individually with instructions on how to get back into their account. He also urged GitHub users to enable two-factor authentication for the service [github.com] and to "practice good password hygiene"—providing a link to an xkcd comic on password strength [explainxkcd.com] to explain.
Davenport didn't say whether the attack was through the website or through the GitHub API. He also didn't reveal how many accounts were compromised, though it doesn't appear that any data was lost. "For some accounts, other personal information including listings of accessible repositories and organizations may have been exposed," he wrote.