GitHub Security Breach (brute force attack affecting a percentage of users) I just got this e-mail from GitHub: Your GitHub account was compromised as a part of a brute-force password guessing attack, which affected a small percentage of other users. In response, we have revoked your GitHub credentials and we are here to help you secure your account. To access your account you must reset your password here: https://github.com/sessions/forgot_password Accounts that were compromised were likely to have weak passwords, so we wrote this article to help you construct a stronger password: https://help.github.com/articles/what-is-a-strong-password To further protect your account we have revoked your personal access tokens and OAuth applications. You will need to re-authorize any OAuth applications you plan on using with your GitHub account. You will also need to verify any SSH keys you have: https://github.com/settings/ssh After your password has been changed and you have successfully logged in, you will want to review your user account for any suspicious activity. Here is a checklist to get you started: https://help.github.com/articles/preventing-unauthorized-access Thanks for your understanding in helping us protect your account and your code. We're here to answer any questions, just reply to this email. - Shawn Davenport, GitHub Security |