GitHub, which hosts developer projects, is the latest victim of last month's leak of over 100 million LinkedIn passwords, which are currently being used in a password reuse attack against members of its site.
This kind of attack has gained popularity amongst hackers due to how simple it is to implement. Once working login credentials have been acquired for one site, criminals try those same credentials on other popular sites, which often ends in success because many users practice poor security habits online by reusing their login details.
GitHub first alerted its users to a possible security breach on Tuesday by noting that it was aware of “unauthorised attempts to access a large number of GitHub.com accounts.” The company further explained the situation in a post on its blog in which it said:
“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.”
The company is certain that its own security systems were neither hacked nor compromised, despite an attacker gaining access to numerous accounts on the site. GitHub did not refer to the LinkedIn data dump directly, though it is likely tied to the current password reuse attack.
All of the passwords belonging to accounts affected by the attack have been reset and the company is currently “in the process of sending individual notifications to affected users.”
If you have yet to do so, now is an excellent time to adopt best practices when it comes to your online passwords by changing them regularly and using two-factor authentication if it is available.