Blog | G5 Cyber Security

GitHub accounts stolen in ongoing phishing attacks

GitHub users are being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub’s login page. The phishing emails are delivered from legitimate domains, either using previously-compromised email servers or with the help of stolen API credentials for bulk email service providers. Users that haven’t configured two-factor authentication for their GitHub accounts using a security key are advised by the Microsoft-owned company to use a browser-integrated password manager to protect their accounts and repositories.

Source: https://www.bleepingcomputer.com/news/security/github-accounts-stolen-in-ongoing-phishing-attacks/

Exit mobile version