GITHUB CAUGHT A BUG that exposed some plaintext user passwords to the code repository’s staff by recording them in its internal logs.
“During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system,” the email said. “We have corrected this, but you’ll need to reset your password to regain access to your account.”
So it would appear that the bug only resulted in a minor data breach, not that GitHub has revealed how many users may have been affected yet. Given GitHub has some 27 million users, any data breach the site suffers has the potential to expose rather large amounts of data; tales of data exposure clearly seems to be in fashion this side of 2018.
GitHub noted it normally stores user passwords using cryptographic hashes, but the bug, which was recently introduced, resulted in the site’s secure internal logs recording plaintext user passwords when the users initiated a password reset.
While these passwords would not have been viewable to the public zipping across the internet, the plaintext passwords would have been easy to spot by GitHub’s internal staff.
If any of the people who saw the plaintext passwords were so inclined they could theoretically copy or make a note of them and then use the passwords to compromise user accounts in their free time. There are better things to do after work, but some people have odd hobbies.
But that didn’t seem to happen and GitHub pointed out that it was not hacked or compromised in any way. So all in all, this looks like a minor borkage of website supporting systems, rather than anything to be terrified about and have you deleting your GitHub account right away.
Normally, GitHub is pretty good at sniffing out and squashing bugs, as seen with its purge of nearly 500,000 bugs from its code libraries in the space of a month. µ
Source : Inquirer