Read the original article: GitHub bug briefly gave valid authenticated session cookies to wrong users
Don’t panic: Fewer than 0.001% of sessions compromised through flaw that couldn’t be maliciously triggered
If you visit GitHub today you’ll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes “misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user.”…
Read the original article: GitHub bug briefly gave valid authenticated session cookies to wrong users