GitHub confirmed unauthorized attempts to access a large number of GitHub.com accounts.
It seems like the result of an attacker using lists of email addresses and passwords from other online services. These were compromised in the past. Hackers are now trying them on GitHub accounts.
“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past. Now they are trying them on GitHub accounts.” Explained Shawn Davenport VP of Security at GitHub, in a blog post.
First of all, GitHub was not hacked. Hackers were able to use the common username and password to enter user’s account. In some cases, other personal information including listings of accessible repositories and organizations may have been exposed.
To protect the accounts, GitHub has changed the password for affected accounts. Soon they will send the notification to affected users.
If your account is in the list, GitHub will contact you directly. You will get information about how to reset your password and restore access to your account.
Since February, there have been many high-profile “hacks”. One of the most popular hacks was LinkedIn a few days ago.
The professional social network LinkedIn (now acquired by Microsoft for $26.2 billion) was in headlines last month after it reset passwords on millions of accounts as new data-leak reports began to surface.