
GitHub Accidentally Recorded Some Plaintext Passwords in Its Internal Logs



In an email sent out today, GitHub has warned a select number of users that a bug in its password reset functionality has recorded users' passwords in plaintext format inside the company's internal logs.




The company says that the plaintext passwords have only been exposed to a small number of GitHub employees with access to those logs. No other GitHub users have seen users' plaintext passwords, the company said.


GitHub says that normally, passwords are secure, as they are hashed with the bcrypt algorithm. The company blamed a bug for plaintext passwords ending up in its internal logs. Only users who've recently reset passwords were affected.


The number of affected users is expected to be low. Bleeping Computer has reached out to GitHub for a tally of affected customers, but the company did not respond before this article's publication.

Plaintext password storage bug found during a routine audit

GitHub said it discovered its error during a routine audit and made it clear its servers weren't hacked.

Earlier today, tens of users shared images on Twitter of the GitHub emails they had received. Initially, users thought this was a massive phishing campaign, but the messages turned out to come from the real GitHub.

