GitHub bans common passwords amid mass brute force hacks


Attacks launched from 40,000 IPs.

GitHub has warned users to review their password security after mass brute force hacking attempts from some 40,000 IP addresses were launched against accounts.

Attackers targeted accounts with weak passwords and passwords reused on other sites. It was suggested, but not confirmed, that the targeted passwords were linked to the vBulletin or Adobe breaches.

GitHub said it was investigating the attacks, had banned the use of common passwords on the site and had "aggressively" rate-limited login attempts.

Security manager Shawn Davenport said GitHub had reset the passwords of affected accounts and wiped their access tokens.

"Their passwords have been reset and personal access tokens, OAuth authorisations, and SSH keys have all been revoked," Davenport said in a blog.

"This investigation is ongoing and we will notify you if at any point we discover unauthorised activity relating to source code or sensitive account information."

Accounts with login attempts traced to the attacking IP addresses from China, Venezuela and Indonesia also had passwords reset, regardless of the complexity of the access credentials.

Users should enable two-factor authentication and set strong, high-entropy passwords.
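As an added illustration, not code from the article or from GitHub, the two controls the piece describes (a common-password denylist and login rate limiting) sketched in Python. The denylist, the 198.18.0.0/15 source addresses and the 40,000-IP attempt stream are constructed; the point it shows is that a per-IP limit alone never trips when each address only guesses twice, while a per-account limit does.

```python
from collections import defaultdict

# Constructed denylist standing in for the common-password ban the article describes.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "github"}


def is_common_password(password: str) -> bool:
    """Reject passwords on the denylist (case-insensitive)."""
    return password.lower() in COMMON_PASSWORDS


class LoginGuard:
    """Count failed logins per source IP and per target account.

    A per-IP limit alone misses a distributed attack: thousands of IPs each
    trying a few guesses all stay under any sane per-IP threshold. A per-account
    limit trips on the same attack no matter how many IPs it spans.
    """

    def __init__(self, per_ip_limit: int = 10, per_account_limit: int = 20):
        self.per_ip_limit = per_ip_limit
        self.per_account_limit = per_account_limit
        self.ip_failures = defaultdict(int)
        self.account_failures = defaultdict(int)

    def allow(self, ip: str, account: str) -> bool:
        return (self.ip_failures[ip] < self.per_ip_limit
                and self.account_failures[account] < self.per_account_limit)

    def record_failure(self, ip: str, account: str) -> None:
        self.ip_failures[ip] += 1
        self.account_failures[account] += 1


def distributed_attack(num_ips: int, tries_per_ip: int, account: str = "victim"):
    """Constructed failed-attempt stream: num_ips distinct addresses from the
    198.18.0.0/15 benchmarking range, each guessing tries_per_ip times."""
    return [(f"198.18.{i // 256}.{i % 256}", account)
            for i in range(num_ips) for _ in range(tries_per_ip)]


def run(attempts, guard):
    """Feed failed attempts through the guard; return (blocked count, locked accounts)."""
    blocked = 0
    for ip, account in attempts:
        if guard.allow(ip, account):
            guard.record_failure(ip, account)
        else:
            blocked += 1
    locked = {a for a, n in guard.account_failures.items() if n >= guard.per_account_limit}
    return blocked, locked
```

With 40,000 addresses guessing twice each, `run(distributed_attack(40000, 2), LoginGuard(per_ip_limit=10, per_account_limit=10**9))` blocks nothing, while the default per-account limit of 20 blocks every attempt after the first twenty and locks the account.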


Copyright © SC Magazine, Australia
