GitHub, the top software development platform in the world, made some users reset their passwords after discovering an issue that resulted in credentials being recorded in plain text in internal logs.
A routine corporate audit uncovered the problem. Some users shared on Twitter the email correspondence that the organisation had received.
The business promptly stated that user data was safe and that none of its systems had been compromised.
The business further stated that the plaintext passwords were not publicly available and could only be seen by a limited number of its IT workers through internal log files.
Source: https://securityaffairs.com/72030/security/github-password-problem.html
TPRM report: https://scoringcyber.rankiteo.com/company/github
{
  "id": "git432251223",
  "linkid": "github",
  "type": "Data Leak",
  "date": "05/2018",
  "severity": "50",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Software Development Platform',
                        'name': 'GitHub',
                        'type': 'Organization'}],
 'attack_vector': 'Internal Logging Error',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Plain Text Passwords']},
 'description': 'GitHub discovered an issue resulting in credentials being '
                'recorded in plain text in internal logs, prompting some users '
                'to reset their passwords.',
 'impact': {'data_compromised': ['Plain Text Passwords']},
 'response': {'communication_strategy': ['Public Statement'],
              'containment_measures': ['Password Reset']},
 'title': 'GitHub Plain Text Password Logging Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Internal Logging Mechanism'}