U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

GitHub said that leaked passwords were used to access its accounts

On Tuesday evening Github became aware of unauthorized attempts to access a large number of its accounts, in response the company has reset their passwords. GitHub announced it has reset the passwords of a number of accounts after the company noticed unauthorized access. The hackers used credentials leaked online after the numerous data breaches suffered […]

GitHub said that leaked passwords were used to access its accounts

On Tuesday evening Github became aware of unauthorized attempts to access a large number of its accounts, in response the company has reset their passwords.

GitHub announced it has reset the passwords of a number of accounts after the company noticed unauthorized access. The hackers used credentials leaked online after the numerous data breaches suffered by other companies.

Users’ bad habits in password management are a key component for the success of this kind of attacks. Users often chose weak passwords and share the same credentials across multiple websites.

github social coding

GitHub confirmed to have detected a large number of attempts to access users’ accounts. The unauthorized accesses were detected on Tuesday evening as explained in the official announcement. GitHub highlighted that its systems have not been hacked by attackers.

“On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts. GitHub has not been hacked or compromised.” states the security update published by GitHub.

“For affected accounts, usernames and passwords are involved. Additionally, for some accounts, other personal information including listings of accessible repositories and organizations may have been exposed,” 

GitHub has already reset the passwords of the affected accounts, at the same time it is suggesting users to adopt a proper security posture to avoid being victims of the hackers.

“We encourage all users to practice good password hygiene and enable two-factor authentication to protect your account,” states GitHub. “These attacks often evolve, and we’re continuing to investigate and monitor for new attack vectors.”

Recently a number of web services suffered a data breach, the criminal underground was flooded with hundred thousand million records resulting from the security breaches of LinkedIn , Myspace, VerticalScope, Tumblr, and VK .

Other IT giants like TwitterReddit, TeamViewer, Netflix, and Facebook reset passwords of their users.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – GitHub , hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]