Yesterday, GitHub revealed that many users' accounts were compromised by a brute-force password-guessing attack. GitHub has reset the passwords and personal access tokens of all affected accounts. The company has also started sending emails to all compromised accounts. It has also reset the passwords of a few accounts that used strong passwords, just because these accounts showed logins from IP addresses involved in this incident.
The company is also investigating whether any sensitive data has been accessed. GitHub has recorded automated login attempts from more than 40,000 unique internet addresses.
GitHub is updating its system to prevent brute-force attacks. It will also no longer allow weak passwords for any account. If you are a GitHub user, you should review your account and enable two-factor authentication for better security.
Back in September, GitHub added two-factor authentication as an extra layer of security.
In a brute-force password-cracking attack, attackers create an automated program that tries all possible combinations of passwords. If your password is weak and contains common words, it is most likely to be cracked. So, always try to have a strong password.
Read: How to create a strong and hard-to-crack password
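The following is an added example, not code from GitHub or from the original article. It shows a defender-side check for the pattern described above: when guesses arrive from many addresses, counting failures per account catches what a per-address counter misses, and accounts with a successful login from an involved address are listed for a password reset. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO time> <source IP> <account> <result>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.1 alice FAIL
2024-01-01T10:00:20 198.51.100.2 alice FAIL
2024-01-01T10:00:40 198.51.100.3 alice FAIL
2024-01-01T10:01:00 198.51.100.4 alice FAIL
2024-01-01T10:01:20 198.51.100.1 alice OK
2024-01-01T10:02:00 203.0.113.9 bob FAIL
2024-01-01T10:02:30 203.0.113.9 bob OK
2024-01-01T10:03:00 198.51.100.2 carol OK
"""

def parse(log):
    """Yield (time, ip, account, result) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def analyse(log, window=timedelta(minutes=5), max_failures=4):
    """Assumes the log is in time order. Thresholds are illustrative only."""
    recent = defaultdict(deque)  # account -> (time, ip) of failures in window
    per_ip = defaultdict(int)    # ip -> total failures (what a per-IP limit sees)
    targeted, involved_ips = set(), set()
    events = list(parse(log))
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        per_ip[ip] += 1
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:    # many failures on one account, any source
            targeted.add(user)
            involved_ips.update(addr for _, addr in q)
    # Any account with a successful login from an involved address gets reset,
    # even if that account itself never saw a burst of failures.
    reset = {u for _, ip, u, r in events if r == "OK" and ip in involved_ips}
    return targeted, involved_ips, dict(per_ip), reset

if __name__ == "__main__":
    targeted, involved, per_ip, reset = analyse(SAMPLE_LOG)
    print("targeted:", targeted, "reset:", reset, "max per-IP:", max(per_ip.values()))
```

In the sample, no single address fails more than once, yet `alice` is flagged, and `carol` is listed for reset only because she logged in from an address involved in the guessing.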