On a regular Tuesday, while reviewing pull requests and approving them, I realized I got a “404” page upon submitting the comment — hmm, probably a session aka cache-and-cookies error. I coincidentally hovered over to my Gmail tab to see an email from GitHub Security which had just arrived (“0 minutes ago”) and it looked like GitHub forcefully logged out all the affected users, as a safety measure — which is why I had indeed been getting the 404.
What scares me more, though, is that this particular GitHub account of mine, which received this notification, was created only a little over a month ago, in times when cybersecurity is more important than ever and data breaches have become increasingly common.
One would think a company like GitHub, powered by the smartest developers and open source fanatics, would have been a little more vigilant about code/deployment changes that would potentially introduce a bug like this one!
“At this time,” of course, isn’t very reassuring either — it seems like we are good for now and merely changing the password on GitHub — and all other sites and systems using the same password, if that was the case for you, would be sufficient. But there always remains a possibility of the unknown unknowns existing and eventually coming out…