I imagine this doesn't affect most devs here as our code is open source but just in case a few of you have private repos I figured you should know.
From what I understand the only information so far about the accounts affected is that they were likely brute forced. (Don't share passwords across services. Don't use simple passwords.) Has anybody seen any more information about the attacks?
This type of thing could happen with any service if you use weak passwords. Rainbow tables, password dictionaries from other hacked sites, etc.
Password managers, 2-step, hardware keys. That's the future.
My password is 16 characters long and all my code is signed and verified when i do a commit.
That should mitigate any issues.