Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches.
“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts,” GitHub said in an advisory published Thursday by Shawn Davenport, GitHub VP of security. “We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts."
GitHub said it detected late Tuesday unauthorized attempts against a large number of GitHub accounts. It stressed that GitHub itself has not been compromised.