Bleeping Computer

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...
ZDNet

GitHub says bug exposed some plaintext passwords

GitHub has said a bug exposed some user passwords -- in plaintext. The code repository site, with more than 27 million users as of last year, sent an email to affected users Tuesday. Read also: ...