
GITHUB HACKED: Unhashed passwords pasted, check your email, change your password - ohscarl
https://haveibeenpwned.com/Pastes/Latest
======
ohscarl
Official response from GitHub:

--------

Hi there Oscar,

Thanks for writing in about this.

If your credentials were included in that file, you should have already
received an email from us and had your password reset. We've done the same for
all users involved.

There's no indication that GitHub was breached and our downtime was unrelated.
We believe the 5,199 users in the paste linked on haveibeenpwned.com are the
result of someone using a breach from another website against ours to check
for users re-using the same credentials.

If you have any questions, do let us know!

------
baxter001
Git automatically exposes the email of committers, or at least a string that
is nominatively an email, I see no evidence of anything beyond that here.

~~~
bsin10
Plain text passwords pertaining to each email are included in the dump.

~~~
postila
The decision to store plain text user passwords must cost someone their job.

------
nikolay
That's what happens when people reuse passwords...

------
xavierJohnson
Haven't been able to find myself in the list... not sure this is real news...

------
nmgsd
Can anyone confirm this is legit?

~~~
ohscarl
The pastebin of 5,199 emails is still up as of now. I reported it but if
someone has a PRO account, those reports will get processed sooner and
hopefully the leak won't be abused too badly.

