I'm in shock because my GitHub account got hacked today. Someone using the name "Linus Torvalds" (which I believe is fake) pushed changes to several of my repositories, overwriting them with initial commits and inappropriate README files. Here's what I've done so far:
- Changed my GitHub password
- Enabled two-factor authentication (2FA)
- Revoked all personal access tokens
- Removed any unknown SSH keys
- Checked all authorized applications
- Secured my email account
Now, I'm trying to:
- Find out how the attacker accessed my account
- Ensure there are no leftover tokens or deploy keys
- Safely restore the affected repositories
- Report this to GitHub (I've already submitted a ticket)
If anyone has been through something similar or has additional advice on securing my account and confirming there's no ongoing access, I would really appreciate your help.
2 Answers
I've heard about a number of supply chain attacks happening lately, so it's possible that something like that is involved. Just keep an eye out for any new security news regarding similar incidents. You can also check this link for added context on recent attacks: [https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/](https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/)
It sounds like a tough situation! Definitely reach out to GitHub support; they can help you regain control and possibly restore your repositories. Make sure to give them all the details about what happened and what steps you've already taken. They’ll be able to guide you on your best options moving forward.

Absolutely, GitHub support is your best bet. They might even have logs that show how the breach occurred. Just remember to be thorough with your explanation—they deal with lots of cases daily.
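Added example (not code from the thread or from any poster): one way to work through the question's "no leftover tokens or deploy keys" item is to list every repository's deploy keys through the GitHub REST API and flag any key that is missing from your own inventory or was created after the suspected compromise date. The sample data, `KNOWN_KEY_IDS`, `CUTOFF`, the `example-user` repositories and the `GITHUB_TOKEN` environment variable are assumptions; without a token the script runs on the constructed sample, and with one it reads only the first 100 owned repositories.

```python
import json, os, urllib.request
from datetime import datetime, timezone

API = "https://api.github.com"
# Constructed sample in the shape returned by GET /repos/{owner}/{repo}/keys
SAMPLE = {
    "example-user/site": [
        {"id": 101, "title": "ci-deploy", "read_only": True, "created_at": "2023-04-02T10:00:00Z"},
        {"id": 202, "title": "backup", "read_only": False, "created_at": "2025-01-15T03:12:00Z"}],
    "example-user/tools": [],
}
KNOWN_KEY_IDS = {101}                                # assumption: keys you added yourself
CUTOFF = datetime(2025, 1, 1, tzinfo=timezone.utc)   # assumption: earliest suspected access

def gh_get(path, token):
    """GET one page of JSON from the GitHub REST API."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review_deploy_keys(keys_by_repo, known_ids, cutoff):
    """Return (repo, key id, title, reasons) for each key needing a manual look."""
    findings = []
    for repo, keys in sorted(keys_by_repo.items()):
        for k in keys:
            reasons = []
            if k["id"] not in known_ids:
                reasons.append("not in inventory")
            if parse_ts(k["created_at"]) >= cutoff:
                reasons.append("created after cutoff")
            if reasons and not k["read_only"]:
                reasons.append("write access")   # a flagged key that can also push
            if reasons:
                findings.append((repo, k["id"], k["title"], reasons))
    return findings

if __name__ == "__main__":
    token, data = os.environ.get("GITHUB_TOKEN"), SAMPLE
    if token:  # live mode: repositories owned by the token's user
        repos = gh_get("/user/repos?affiliation=owner&per_page=100", token)
        data = {r["full_name"]: gh_get(f"/repos/{r['full_name']}/keys?per_page=100", token)
                for r in repos}
    for finding in review_deploy_keys(data, KNOWN_KEY_IDS, CUTOFF):
        print(finding)
```

Deploy keys are per repository, so they are not covered by removing SSH keys or revoking personal access tokens at the account level.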