GitHub Accidentally Exposes Some Plaintext Passwords In Its Internal Logs

GitHub has sent an email to some of its 27 million users alerting them of a bug that exposed some user passwords in plaintext. “During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system,” said the email. “We have corrected this, but you’ll need to reset your password to regain access to your account.” ZDNet reports: The email said that a handful of GitHub staff could have seen those passwords — and that it’s “unlikely” that any GitHub staff accessed the site’s internal logs. It’s unclear exactly how this bug occurred. GitHub’s explanation was that it stores user passwords with bcrypt, a stronger password hashing algorithm, but that the bug “resulted in our secure internal logs recording plaintext user passwords when users initiated a password reset.” “Rest assured, these passwords were not accessible to the


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZCHBUTkdMVc/github-accidentally-exposes-some-plaintext-passwords-in-its-internal-logs

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: