Programmers rely on GitHub to securely host their open-source software projects. But a recently disclosed bug that exposed passwords may make developers wary of storing their code on the popular repository site.
GitHub sent an email on Tuesday warning of a glitch in its password reset feature that wrote user passwords in plain text to the company's internal logs. The site says the passwords were seen only by a small number of employees with access to the logs. They were not released to the public or made available to other users.
Dozens of users posted the email they received to Twitter, though some thought it was a phishing campaign, Bleeping Computer reports.
The vulnerability, reportedly discovered during a regular audit, affects only users who recently reset their passwords. Those programmers will be asked to reset them again.
The company says the plain text passwords were exposed to a small number of employees with access to the logs. It's not clear how long the passwords have been leaking, but only a fraction of GitHub's 27 million users was affected, suggesting the security flaw formed in the past few weeks.
GitHub emphasized it had not been the victim of an attack. In June 2016, the software development platform was forced to send out password resets after a bad actor started gaining access to accounts using passwords they had stolen from other compromised sites, like LinkedIn, Dropbox, and MySpace.
In its email to those affected, GitHub explained it stores passwords with secure “cryptographic hashes (bcrypt),” a strong password-hashing algorithm, not plain text. “We use modern cryptographic methods to ensure passwords are stored securely in production.”
GitHub appears to have fixed the problem. If you received an email from the platform, we strongly recommend you update your password. In fact, you should probably throw it out for good given the chance someone has seen it.
The Daily Dot has reached out to GitHub and will update this article if we learn more about the bug.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.