Confirming that people who should know better are still reusing passwords, attackers have successfully used login credentials stolen from other sites to access GitHub accounts.

The attackers were attempting to log into GitHub accounts using email addresses and passwords obtained from other online services that have been breached recently, GitHub said in a statement. After the company became aware of a large number of unauthorized attempts, it reset the passwords on affected accounts and began notifying users.

“We immediately began investigating and found that the attacker had been able to log in to a number of GitHub accounts,” the statement said.

To read this article in full or to leave a comment, please click here

Source: Security