Account Suspended #122266
Replies: 5 comments 3 replies
-
I call it Git Gate. It is a phenomena of account sellings, scams, and even malicious account hackings. |
Beta Was this translation helpful? Give feedback.
-
You possibly visited suspicious websites so remove them from the browsing history. Use an antivirus, and try to use an adblocker, for example Ublock Origin |
Beta Was this translation helpful? Give feedback.
-
I'm sorry to hear about your GitHub account trouble. It sounds frustrating. It's possible your account was compromised through a PAT leak, or a hidden bug because even with 2FA, vulnerabilities are still there. Keep following up with GitHub support, I hope they can provide a solution |
Beta Was this translation helpful? Give feedback.
-
Yeah, I don't see any other ways but to wait for the GitHub support
response.
Now I almost certain it was my PAT that got leaked since I had generated
around 10-15 for my different use cases with no expiration date specified.
…On Sat, May 4, 2024, 15:24 salma el bakkouri ***@***.***> wrote:
I'm sorry to hear about your GitHub account trouble. It sounds
frustrating. It's possible your account was compromised through a PAT leak,
or a hidden bug because even with 2FA, vulnerabilities are still there.
Keep following up with GitHub support, I hope they can provide a solution
—
Reply to this email directly, view it on GitHub
<#122266 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A67RTBKQYEZ5HRIC63VY25TZATHODAVCNFSM6AAAAABHGXHWOWVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TGMJTGU2DC>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I'm posting the follow-up for this issue. I've regained access to my account. It was suspended due to security measures triggered by malicious activity. The root cause was indeed the leakage of my Personal Access Token (PAT). A malicious actor exploited it to generate issues across various posts using an automated script. This is what support texted me:
I'm intrigued by the REST API but couldn't discover a method to retrieve a list of all issues recently created by my user alone. It seems to demand both the repository name and the project owner for this query. Although I came across the endpoint Do you have any suggestions on how I might list the issues created by my user without needing the repository name? I just noticed that the account is usable but it has some issues. I'm marked as spam and cannot use GitHub login anymore Also, my GitHub pages no longer work. There is no error in the pipeline build or anywhere when I push changes. It just acts like there are no GitHub pages enabled at all while I can confirm that it is enabled. Do you think it is related to my account being marked as spam? I asked GH support these questions, but it took 2 weeks before and I have no expectation to get a reply before that, so looking for possible answers here if I can get any. |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
Hello,
I understand that the community can't get my account back. I just want to collect info to figure out what's going on.
My account,
n1md7
, got suspended out of nowhere. I can't access it anymore, and it's like it never existed. I had over a hundred repositories, and now they're all gone.The GitHub login message says I violated their policy but doesn't explain what specifically. I've created a support ticket, but it's been a week, and I haven't heard back. All my life's work is there 😞
Before the suspension, I noticed a weird repository that appeared by "itself". It had a random(UUID) name and talked about hacking. I deleted it and checked my security settings, but I couldn't find any clues about who made it. As a precaution, I disabled some Github auth apps.
I don't think someone hacked my account directly because I didn't get any alerts about unusual activity like email or phone notifications (every new device login requires a 2FA code). Even if they did, there should've been some trace of it. Could it be a problem with my access token (PAT leaked somehow) or a hidden bug that someone found?
I'd appreciate your thoughts on this. How could someone mess with my account and delete everything without setting off any alarms, even though I have Two-Factor Authentication (2FA) turned on?
Beta Was this translation helpful? Give feedback.
All reactions