We strongly recommend changing your password.
Programmers rely on GitHub to securely host their open-source software projects. But a recently disclosed bug that exposed passwords may make developers wary of storing their code on the popular repository site.
GitHub sent an email on Tuesday warning of a glitch in its password reset feature that leaked user passwords in plain text to the company’s internal logs. The site says the passwords were seen only by a small number of employees with access to the logs. They were not released to the public or made available to other users.
Dozens of users posted the email they received to Twitter, though some thought it was a phishing campaign, Bleeping Computer reports.
— SwitHak (@SwitHak) May 1, 2018
The vulnerability, reportedly discovered during a regular audit, affects only users who recently reset their passwords. Those programmers will be asked to do it again.
The company says the plain text passwords were exposed to a small number of employees with access to the logs. It’s not clear how long the passwords have been leaking, but only a fraction of GitHub’s 27 million users was affected, suggesting the security flaw was introduced in the past few weeks.
GitHub emphasized it had not been the victim of an attack. In June 2016, the software development platform was forced to send out password resets after a bad actor started gaining access to accounts using passwords they had stolen from other compromised sites, like LinkedIn, Dropbox, and MySpace.
In its email to those affected, GitHub explained that it stores passwords as secure “cryptographic hashes (bcrypt),” a password-hashing function, not as plain text. “We use modern cryptographic methods to ensure passwords are stored securely in production.”
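The gap described above, hashed at rest but plain text in the logs, shown as an added example that is not GitHub's code: a hypothetical reset handler logs request parameters before hashing, and a logging filter masks sensitive fields. The handler, field names and sample request are constructed, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib, io, logging, os

SENSITIVE_KEYS = {"password", "password_confirmation", "new_password"}  # assumed field names

def scrub(value):
    """Copy value, masking sensitive keys at any nesting depth."""
    if isinstance(value, dict):
        return {k: "[FILTERED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    return value

class RedactParams(logging.Filter):
    """Scrub log arguments before any handler formats the record."""
    def filter(self, record):
        record.args = scrub(record.args)  # args is a tuple, or a dict when one dict is passed
        return True

def handle_reset(params, log):
    """Hypothetical reset handler: log the request, then hash the password for storage."""
    log.info("POST /password_reset params=%s", params)  # plaintext reaches the log here
    salt = os.urandom(16)
    # PBKDF2 from the standard library stands in for bcrypt, which is not in the stdlib
    return hashlib.pbkdf2_hmac("sha256", params["password"].encode(), salt, 200_000)

def captured_log(redact):
    """Run one constructed reset request; return (log text, stored digest)."""
    buf = io.StringIO()
    log = logging.getLogger(f"reset-demo-{redact}")
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    if redact:
        log.addFilter(RedactParams())
    params = {"login": "octo-example", "password": "correct horse battery"}  # constructed
    digest = handle_reset(params, log)
    log.removeHandler(handler)
    return buf.getvalue(), digest

if __name__ == "__main__":
    print(captured_log(redact=False)[0], end="")  # password visible in the log line
    print(captured_log(redact=True)[0], end="")   # password replaced by [FILTERED]
```

The stored digest is identical in kind in both runs; only the log line differs, which is why hashing at rest does not cover this class of leak.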
GitHub appears to have fixed the problem. If you received an email from the platform, we strongly recommend you update your password. In fact, you should probably throw it out for good given the chance someone has seen it.
The Daily Dot has reached out to GitHub and will update this article if we learn more about the bug.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.