GitHub has been hit by a brute-force password-guessing attack that successfully compromised some accounts. Almost 40,000 unique Internet Protocol addresses “were used to slowly brute force weak passwords or passwords used on multiple sites” The exact number of GitHub accounts that had their passwords reset was not disclosed. Users were advised to review their account’s Security History page for recent changes made to their repositories or failed log-in attempts and to enable two-factor authentication. The attack suggests that attackers might have taken lists of usernames and passwords leaked from other websites.”]