Stolen credentials used to breach GitHub accounts

GitHub reported on 14 June that an attacker launched a campaign to access several GitHub.com accounts using stolen login credentials.

The attacker was able to log in to various accounts and usernames, passwords and potentially personal information including listings of accessible repositories and organisations may have been compromised, according to a 15 June blog post.

GitHub reset the passwords on all the affected accounts and is currently in the process of notifying individual users, the post said. The company encouraged users to adopt good password hygiene and to enable two-factor authentication to ensure their accounts are protected.

It is unclear where stolen credentials came from however, recent breaches including those of Myspace, Tumblr, LinkedIn, and other high profile breaches total more than 640 million compromised accounts that may have potentially been used. GitHub is still investigating the attack and is monitoring for new attack vectors.