After the reported hijacking of Zuckerberg’s lesser-known social media accounts, yet another online service has fallen victim to LinkedIn’s leaked password dump — Github.
Github has become the latest platform to come under a ‘password reuse’ attack by hackers, who want to gain access to user accounts and data illicitly. The repository hosting website has confirmed in a blogpost saying that it is has detected some unauthorized login attempts to many user accounts.
Shawn Davenport, staff member at Github said in the blogpost that,
This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.
Github further emphasizes the fact their own data or servers haven’t been attacked or compromised. The company adds that once it detected some unusual activity, the team immediately began investigating the situation at hand. And well, as feared — it was a cyber attack and some accounts were compromised in the process.
It also adds that for some accounts, other personal information including listings of accessible repositories and organizations may also have been exposed.
While the company hasn’t mentioned LinkedIn by name, but isn’t it surprising to see some many attacks since the cache of the password database last month. But, we can never be too sure, the attacker could have obtained the login credentials from MySpace or Tumblr data leak.
The Next Step
So to curb the data breach, Github is taking steps quite similar to other online services like Netflix or Facebook. It’s just that they are a little late to the party and have already been attacked.
The company has already reset passwords on the affected accounts and is in the process of sending notifications to each user individually.
This breach makes Github the fifth big and important online service to be attacked in the past couple months(following Twitter). The company has now urged users to follow healthy password practices and use two factor authentication to better protect their data.
The hijack of a couple of online services is proving to be fatal for other digital businesses. Earlier this month, Twitter also reported that a malware attack had resulted in user data being hijacked and dumped on the dark web.
While some companies have already felt the wrath of hijackers on their platform, some companies like Facebook and Netflix are checking the leaked data against their own database. You ask why? To remove the possibility of an attack on the users of their services, which is a much needed effort in light of recent events.
With cyber security under the microscope, Gartner has also shed light on it in their report. It states that if all security technologies are not at par with the current tech, then about 60% of the digital businesses will fail by 2020.
