Dear community, important information for all GitHub users among you. An issue was opened for one of my repositories by someone unknown to me. Title: “Security Alert: Unusual Access Attempt.“
This was followed by some well-structured information, including a list of steps with links to secure my account (heading: “Steps to Secure Your Account“). The GitHub Security Team was listed as the signature.
At first, you’re a bit intimidated. Then, the next question is, “What? A public issue? From the GitHub Security Team?” Hardly. So, the issue was reported to GitHub with suspected phishing.
The real GitHub Developer Support responded within a few hours (it was a Sunday!) and contacted me by email. There was indeed an unspecified violation of GitHub’s policies. The issue was removed, and further, unspecified measures were initiated. I assume the user in question was banned. At this point, I’d like to thank GitHub Support for their quick assistance.
Unfortunately, this whole thing fits with an impression I’ve had for a few months. There are a lot of reports about IT security. Either there are more reports, or there are actually more and more incidents. I have the feeling that some users are trying to do something useful with IT, while others are trying to “rob” these users. We’ll see how this all develops.
Stay healthy and safe
Michael