John Leyden, writing for The Register: GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third-party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login credentials on an unnamed site that had suffered a breach, as a statement by GitHub explains. GitHub said it had reset the passwords on all affected accounts before beginning the process of notifying those affected. “We encourage all users to practise good password hygiene and enable two-factor authentication to protect your account, ” GitHub sensibly advised. Read more of this story at Slashdot.
Originally posted here:
GitHub Presses Big Red Password Reset Button After Third-Party Breach
