Some GitHub users’ passwords were saved in plaintext due to bug
GitHub has reset some users’ passwords because a bug caused passwords to be stored in plaintext via the internal logging system. The passwords have not come into the hands of third parties.
GitHub notifies affected users in an email that the flaw was discovered during a regular audit. The website speaks of ‘a small number’ of users whose passwords are stored as plain text by the logging system, but does not mention any numbers. The error occurred when requesting a password reset.
Users whose password has entered the log system as plaintext due to the bug will need to set a new password to log back into the website. GitHub has reset the passwords itself.
GitHub does not provide further technical details about the bug. The website says that the logs containing the plaintext passwords were never accessible to third parties. Also within GitHub itself there would have been few people with access to the logs.