GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.
The site for software development projects has already reset passwords for compromised accounts and banned frequently used weak passcodes, officials said in an advisory published Tuesday night. Out of an abundance of caution, site officials have also reset some accounts that were protected with stronger passwords. Accounts that were reset despite having stronger passwords showed login attempts from the same IP addresses involved in successful breaches of other GitHub accounts.