We strongly recommend changing your password.
Programmers rely on GitHub to securely host their open-source software projects. But a recently disclosed bug that exposed passwords may make developers wary of storing their code on the popular repository site.
GitHub sent an email on Tuesday warning of a glitch in its password reset feature that leaked user passwords in plain text to the company’s internal logs. The site assures users that the passwords were seen only by a small number of employees with access to the logs. They were not released to the public or made available to other users.
Dozens of users posted the email they received to Twitter, though some thought it was a phishing campaign, Bleeping Computer reports.
The security vulnerability, reportedly discovered during a regular audit, affects only users who recently reset their passwords. Those programmers will be asked to do it again.
The company says the plain text passwords were exposed to a small number of employees with access to the logs. It’s not clear how long the passwords have been leaking, but only a fraction of GitHub’s 27 million users was affected, suggesting the security flaw formed in the past few weeks.
GitHub emphasized it had not been the victim of an attack. In June 2016, the software development platform was forced to send out password resets after a bad actor started gaining access to accounts using passwords they had stolen from other compromised sites, like LinkedIn, Dropbox, and MySpace.
In its email to those affected, GitHub explained it stores passwords with secure “cryptographic hashes (bcrypt),” a password-hashing algorithm, rather than in plain text. “We use modern cryptographic methods to ensure passwords are stored securely in production.”
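Hashed storage does not help when the plain text password is written to a log before it is hashed. One way to guard against that, shown here as an added Python example that is not GitHub's code, is to mask password-like fields at the log handler and to audit existing log lines for unmasked values; the field-name patterns, logger name and sample requests are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed field-name fragments that mark a value as a secret (hypothetical;
# extend to match the application's own form and JSON field names).
_KEY = r"""["']?[\w\[\].-]*(?:password|passwd)[\w\[\]]*["']?\s*[=:]\s*"""
_VAL = r"""(?:"[^"]*"|'[^']*'|[^\s&,}]+)"""
_PAIR = re.compile(f"(?P<key>{_KEY})(?P<val>{_VAL})", re.IGNORECASE)
MASK = "[FILTERED]"


def redact(text):
    """Replace the value of every password-like key with MASK."""
    return _PAIR.sub(lambda m: m.group("key") + MASK, text)


def find_leaks(lines):
    """Audit helper: 1-based numbers of log lines holding an unmasked secret."""
    return [n for n, line in enumerate(lines, 1)
            if any(m.group("val") != MASK for m in _PAIR.finditer(line))]


class RedactSecrets(logging.Filter):
    """Handler-level filter, so every record is scrubbed before it is written."""

    def filter(self, record):
        record.msg = redact(record.getMessage())  # format first, then scrub
        record.args = ()
        return True


def demo():
    """Log constructed password-reset requests and return what reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("reset-demo")  # hypothetical logger name
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed sample requests, not real log data.
    log.info("POST /password_reset params: %s",
             "login=alice&password=Tr0ub4dor&password_confirmation=Tr0ub4dor")
    log.info('reset body: {"login": "bob", "new_password": "correct horse"}')
    return sink.getvalue().splitlines()
```

Attaching the filter to the handler rather than to a single logger means records from every logger routed to that handler are scrubbed, and `find_leaks` can be run over older log files to see whether values were written before the filter existed.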
GitHub appears to have fixed the problem. If you received an email from the platform, we strongly recommend you update your password. In fact, you should probably throw it out for good given the chance someone has seen it.
The Daily Dot has reached out to GitHub and will update this article if we learn more about the bug.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.