Popular software hosting service GitHub Accounts Compromised with the brute force attack, Users reported seeing failed login attempts coming from China, Venezuela, Indonesia, Ecuador and other countries.
The hackers used nearly 40,000 unique IP addresses to send a huge amount of password guesses to GitHub. As a result, some users with easily-guessed passwords, as well as those who had re-used passwords from other compromised websites, saw their accounts broken into.
The site is an online code repository, which lets programmers collaborate on software projects. Major free software projects such as Linux, WordPress, and the Android operating system are hosted there.
According to GitHub the accounts of some users who had weak passwords have been compromised. Impacted customers are being notified via email. Their passwords have been reset, and their SSH keys, access tokens and OAuth authorizations have been revoked.
“These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this”
Github has notified users whose accounts were compromised, and reset all their security information; it has also reset the accounts of a few users with strong passwords which showed logins from one of the 40,000 IP addresses.
GitHub has taken a series of measures to protect users against future attacks. For instance, users will no longer be able to log in with commonly used, weak passwords. The site now blocks passwords such as "passw0rd" and "123456". The latter password was used by almost one in every 20 accounts hosted by the niche dating service Cupid Media, which revealed on Wednesday that it had been hacked earlier this year.
Davenport said GitHub plans to implement additional rate-limiting measures and will no longer allow users to log in with "commonly-used weak passwords,"
The hackers used nearly 40,000 unique IP addresses to send a huge amount of password guesses to GitHub. As a result, some users with easily-guessed passwords, as well as those who had re-used passwords from other compromised websites, saw their accounts broken into.
The site is an online code repository, which lets programmers collaborate on software projects. Major free software projects such as Linux, WordPress, and the Android operating system are hosted there.
According to GitHub the accounts of some users who had weak passwords have been compromised. Impacted customers are being notified via email. Their passwords have been reset, and their SSH keys, access tokens and OAuth authorizations have been revoked.
“These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this”
Github has notified users whose accounts were compromised, and reset all their security information; it has also reset the accounts of a few users with strong passwords which showed logins from one of the 40,000 IP addresses.
GitHub has taken a series of measures to protect users against future attacks. For instance, users will no longer be able to log in with commonly used, weak passwords. The site now blocks passwords such as "passw0rd" and "123456". The latter password was used by almost one in every 20 accounts hosted by the niche dating service Cupid Media, which revealed on Wednesday that it had been hacked earlier this year.
Davenport said GitHub plans to implement additional rate-limiting measures and will no longer allow users to log in with "commonly-used weak passwords,"
Dear All,
ReplyDeleteWe are going to introduce you a new and exciting world of social network.
FUNBOOK
Join now for free and be a part of this fast growing online social community. Enjoy the new features at one place.
Click Here to Join
or
feel free to contact us HERE
Your precious feedback is highly appreciated
Best of Luck