After the recent password leaks from LinkedIn, Tumblr, and MySpace, people who found themselves on the lists were warned to change their login details on any sites where they reused the same credentials.
There’s a good reason for this: hackers will often reuse the leaked information as a way of illicitly accessing other online accounts. It seems that GitHub was recently targeted in this manner; according to a recent blog post, the code repository reported “unauthorized attempts to access a large number of GitHub.com accounts.”
GitHub itself has not been hacked and the site has not been compromised in any way, but it said the technique has allowed a number of its accounts to be breached, though it didn’t specify how many of its 14 million users were affected.
“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts,” wrote GitHub’s VP of Security, Shawn Davenport. “We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.”
The company has assured users that it has reset the passwords on all affected accounts and is currently sending out notifications to the account holders.
Davenport also urged GitHub users to enable two-factor authentication and to "practice good password hygiene."
It’s thought that the overwhelming majority of people who have several different online accounts will reuse at least one password. Earlier this month, it was revealed that Mark Zuckerberg is guilty of this practice. The Facebook CEO was apparently one of the names on the LinkedIn data dump, resulting in his email and password ("dadada") being used to access his Twitter and Pinterest accounts.