神刀安全网

Open-source community GitHub hit by a credential-stuffing attack: here is the official report

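On June 14, someone used email address and password combinations from recently exposed stolen accounts to try to log in to GitHub and gain access to user accounts registered with the same email address. GitHub administrators detected this password-reuse attack, reset the passwords of all accounts the attacker had successfully accessed, and emailed the affected users with instructions on how to recover their accounts. GitHub encourages users to enable two-factor authentication, adopt good password practices, and not reuse passwords. Over the past few weeks, hackers have published more than 600 million accounts stolen from social networking sites such as MySpace, Tumblr and LinkedIn.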

What happened?

On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.

GitHub has not been hacked or compromised.

What information was involved?

For affected accounts, usernames and passwords are involved. Additionally, for some accounts, other personal information including listings of accessible repositories and organizations may have been exposed.

What we are doing:

In order to protect your data we’ve reset passwords on all affected accounts. We are in the process of sending individual notifications to affected users.

What you can do:

If your account was impacted, we are in the process of contacting you directly with information about how to reset your password and restore access to your account.

We encourage all users to practice good password hygiene and enable two-factor authentication to protect your account.

These attacks often evolve, and we’re continuing to investigate and monitor for new attack vectors. Please keep an eye on our blog and on Twitter for pertinent updates, or contact Support if you have any questions.
