The Inquirer-Home

Github bans rubbish passwords

Following a brute force attack on its systems
Wed Nov 20 2013, 15:17
Security padlock image

CODE REPOSITORY Github is applying a scorched earth policy to weak passwords and insisting that users change them.

Github explains all in a blog post, saying that a recent brute force attack took over a number of user accounts.

"Some Github user accounts with weak passwords were recently compromised due to a brute force password-guessing attack," said Shawn Davenport, director of security at Github.

"I want to take this opportunity to talk about our response to this specific incident and account security in general."

Davenport said that the organisation responded to the attack by contacting all those affected and advising them of what action they should take.

First on its list was not using a weak password. There is other guidance too.

"We sent an email to users with compromised accounts letting them know what to do. Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked.

"Affected users will need to create a new, strong password and review their account for any suspicious activity. This investigation is ongoing and we will notify you if at any point we discover unauthorized activity relating to source code or sensitive account information," added Davenport.

"Out of an abundance of caution, some user accounts may have been reset even if a strong password was being used. Activity on these accounts showed logins from IP addresses involved in this incident."

In all, there were 40,000 IP addresses being used to brute force passwords. A solution to this is being worked on, and commonly used or weak passwords are not welcome. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Apple announces the iPhone 6, iPhone 6 Plus and Apple Watch

Which of Apple's new products will you be buying?