GitHub saved plaintext passwords of npm users in log files, post mortem reveals - The Register

Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies

GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems… [+3747 chars]

full article...