
GitHub resets user passwords following rash of account hijack attacks

GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.

The site for software development projects has already reset passwords for compromised accounts and banned frequently used weak passcodes, officials said in an advisory published Tuesday night. Out of an abundance of caution, site officials have also reset some accounts that were protected with stronger passwords. Accounts that were reset despite having stronger passwords showed login attempts from the same IP addresses involved in successful breaches of other GitHub accounts.

“While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” Tuesday night’s advisory stated. “These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this. In addition, you will no longer be able to login to GitHub.com with commonly used weak passwords.”
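The gap between per-IP rate limiting and an attack spread over many addresses, together with the precautionary-reset criterion described above, as an added example (not GitHub's code and not from the article). The event tuples, thresholds and function names are assumptions, and "involved in a breach" is taken here to mean any address that attempted a login to a breached account.

```python
from collections import Counter, defaultdict

# Constructed sample login events (ip, account, succeeded). The addresses are
# documentation ranges and the account names are made up.
EVENTS = [
    ("192.0.2.10", "alice", False),
    ("192.0.2.11", "alice", False),
    ("192.0.2.12", "alice", False),
    ("192.0.2.13", "alice", True),    # fourth address guesses the weak password
    ("192.0.2.13", "bob", False),     # same address also tried bob
    ("192.0.2.10", "carol", False),   # an address that tried alice also tried carol
    ("198.51.100.5", "dave", False),  # dave mistypes once, then logs in
    ("198.51.100.5", "dave", True),
]

def ips_over_limit(events, per_ip_limit):
    """Per-IP view: addresses whose failed attempts exceed the limit."""
    fails = Counter(ip for ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > per_ip_limit}

def accounts_with_spread_failures(events, min_ips):
    """Per-account view: accounts with failures from at least min_ips addresses."""
    sources = defaultdict(set)
    for ip, account, ok in events:
        if not ok:
            sources[account].add(ip)
    return {acct for acct, ips in sources.items() if len(ips) >= min_ips}

def precautionary_resets(events, breached):
    """Accounts not known to be breached that were tried from breach-linked addresses."""
    # Assumption: an address is breach-linked if it attempted any breached account.
    linked = {ip for ip, acct, _ in events if acct in breached}
    return {acct for ip, acct, _ in events if ip in linked and acct not in breached}

if __name__ == "__main__":
    print("over per-IP limit:", ips_over_limit(EVENTS, per_ip_limit=2))
    print("spread failures:  ", accounts_with_spread_failures(EVENTS, min_ips=3))
    print("reset as caution: ", precautionary_resets(EVENTS, breached={"alice"}))
```

No single address exceeds the per-IP limit, yet the per-account view flags alice, and the reset set covers bob and carol without touching dave.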

Permalink: http://2hei.net/custom-id-github-resets-user-passwords-following-rash-of-account-hijack-attackswed-20-nov-2013-014915-0800.html | 2hei's site

This post was published by 2hei on November 20, 2013, in the OpenSource category.
When reposting original articles, please credit: GitHub resets user passwords following rash of account hijack attacks | 2hei's site
