"Predictable password blamed for Gentoo GitHub organisation takeover... Due a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble. 'The attacker gained access to a password of an organisation administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated web pages,' the incident report said..." https://www.zdnet.com/article/predictable-password-blamed-for-gentoo-github-organisation-takeover/