My GitHub account got suspended without any notice

Had a similar thing happen to me with Github a while back (pre-Microsoft acquisition).

Even as a paying customer for many years, my account was disabled – without even receiving an email warning. I only discovered when browsing issue histories where I knew I'd left detailed comments, and noticing my comments gone without even a note about deletion, leaving threads nonsensically fragmented.

When I tried to login, I was only faced with a generic "activity that looked malicious" message – but no hint of what that might have been. Once I complained, I was restored quickly – but if I'd been on extended vacation, or perhaps even passed away, there'd have remained giant holes, indefinitely, in projects I'd contributed to.

Was anything I legitimately did as myself suspect? (They couldn't say.) Was some third party trying to get access – or did they even briefly succeed, perhaps with some compromised credential somewhere? (That was my fear – but they couldn't say & there was no evidence of compromise in what I could see.)

After several angry emails about how they shouldn't accuse a longtime paying account in good standing of 'malicious activity' – creating fear of an account compromise of unknown extent – they finally said no, it wasn't unauthorized access (or attempts thereof) but some comment (unspecified in age/topic) that a filter deemed similar to other malicious comments.

I'd paid them ~$600 over the previous 5 years, and still had an active subscription with working billing details. My account was nearly a decade old with a wide variety of contributions & comments. But still, an automated system with no apparent human review disappeared my account, without even generating a notification.

It is ridiculous that GitHub has not even responded to your support ticket.

To anyone reading from GitHub, this is making me rethink my choice of GitHub as a platform, and I'm sure the same is true for other people reading this post. Your reputation is very much at stake.

To anyone reading this from Gitlab, how easy is it to migrate CI/CD off of GitHub Actions to Gitlab?

Hi Yogi, I'm guessing your Github account has been hijacked.

Support won't respond to your emails because it could be the attacker impersonating you, or he could still have access to your email and get info that way.

This is Standard Operating Procedure I've seen applied on stolen accounts in MMO videogames involving stolen credit cards and organized crime. Sometimes wait time was 6 months with no contact, because they needed to keep the evidence under seal for the police investigation and avoid tipping off the attackers.

Your 2-letter nickname and access to important projects makes your account a high-value target.

Did you have 2FA enabled?

edit: usually the email account got hijacked first, defeating the 2FA/1-time token. SMS is also easily hackable.

It’s worth noting that the OP has recently acquired a 2-letter username from someone else & blogged about it: https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

I imagine there’s more to this than disclosed.

In Austria there is a law in place saying if a company has a monopoly (e.g. public transport) or a quasi-monopoly (e.g. only supermarket in a 100 miles radius) the company is required to serve any customer and is not allowed to turn any down.

It is time that all countries introduce laws that prohibit online monopolies from denying access to their users without good reasons.

I had my username (three letters, my initials) taken and replaced with initials + underscore + number (xxx_123). No comment from GH or even alert they were changing it. I guess someone with friends at GH decided they wanted it. What can you do...

HN is NOT a support channel for Github, Apple, Microsoft, Paypal, Google and a 100 other services out there that have piss-poor customer support. If the only way to get a rise out of these companies is to abuse HN then that should be indication enough whether or not you should route a critical part of your business through them.

Incidentally, what terrible GitHub support that the best way to resolve this is to get help from Twitter or front page here.

This is not a "Show HN:", please change the title to "Ask HN:"

Which is your latest commit in https://github.com/gatsbyjs/gatsby/commits/master ? (Is this the correct project?)

If you’re doing anything mission critical on GitHub (or even if you aren’t), I highly recommend hosting your own Gitea or GitLab server and, at the very least, use it to mirror to or from your Github repos.

Gitea is very lightweight and simple to manage. I use mine as my primary server for personal projects and mirror them to my GitHub account for the network effect. I also have my server mirroring several upstream projects from GitHub to run my Drone build server against, but it also makes sure I can access them should anything happen to the upstream or to my account.

That's pretty bad, something for startups to keep in mind if they plan to use Github for their company I guess.

I had the same thing happen last year, after the Microsoft acquisition. I was migrating my repos to a new github account and it was automatically suspended. No email notice or anything. I guess they saw two different accounts logged in at the same IP and that was enough to trigger it.

I contacted them and explained what I was doing and they reinstated it, but I always thought Github allowed and even encouraged "machine users" and thus multiple accounts.

I was definitely annoyed with their heavy-handed approach and lost trust; they could have emailed me first and given me a warning before just automatically shutting my account down and restricting access, assuming I'm a bad actor.

I've seen similar stuff happening when trying to block spammers. I worked for a major publishing company and we had an issue with the comments, too many spammers. After a review it has easy to see that 90% of the ip address came from India, blocking India was an easy fix although it is unfair for good citizens.

Google your office IP address, maybe it got listed on some spam forum and GitHub and others used it.

Given you have sponsors, this is a pretty big mistake on their behalf. Probably just a mistake, hope they restore your account.

Probably something to do with this? Mistaken identity maybe

https://dev.to/lucis/how-i-got-the-github-username-of-my-dre...

https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

You probably abused API limits searching for your two letter username

I also got my account locked when I changed my telephone number and had the email address associated with an old work email. They didn’t seem to be able to unlock it, so I lost a decade worth of projects. I now keep offline backups.

Always do a periodic full off-site cold backup of all your GitHub repos. It's very easy to script and should compress down very small.

Whoa! I was talking about the horror stories of losing GitHub account in a several of my latest comments/threads and I get to see another one. Why wouldn't they send out a notice, at least, before deactivating an old, active account?

More proof that anyone that trusts a cloud service for absolutely mission critical infrastructure for a business like source control should reconsider. And I'm not saying this to attack OP in any way.

But everyone should have a system to take backup of their org accounts on GitHub and other services if thats what you use. You don't want the apocalypse scenario that the service bans you and now you are all scrambling to find the latest copies on your PCs.

Woah, this is pretty high profile. Github has been having lots of issues recently. Honestly guys, this started happening ever since they did those new UI changes.

Many commenters were so focused on offerring some git repo hosting alternatives, while it was clearly stated in the post that @yg's main use-case was PR review.

What would you recommend to replace that feature?

https://docs.gitea.io/en-us/ doesn't say much about PRs/Issues unfortunately, but I found this GH-issue which suggest the Gitea do have a review system since 2018 autumn, which seems to be on par with Github's interface: https://github.com/go-gitea/gitea/pull/3748

Can anyone confirm this, who used both Github and Gitea PR review features?

The same thing happened to my Mom's Facebook account.

She's a realtor that used Facebook extensively to stay in contact with her clients, as well as advertise for new business.

One day, the account disappeared for malicious activity.

PS: if anyone sees this and can help, shoot me a DM on Twitter :)

Outsourcing source control/repositories for software dev. is a suicidal idea and it has always puzzled me that so many devs jumped onto the Github (and friends) bandwagon.

My client use paid GitHub services for the new projects they work on. But we (devs) really hate it because it slow us at lot (can't push/pull, Github Actions not working, "crash" our CI/CD server, ...) because of instability of Github servers! Their status page look like a Christmas Tree! Not a single week without issues.

I don't have control on my client decisions (not my business), but personally I'm done with GH.

used wayback machine to dig up the most starred projects with their short descriptions. it seems the user has a couple slightly popular projects (10 to 200 stars) about gist and open source contribution tracking. so i think it's most likely a hacked account, given the interest in (extremely) short account names. the fact that they banned it without any message is disturbing. i hope to see what happens to this in a longer time period.

Wow, that's an awful way of getting de-platformed

I was still on the fence between staying on Github or moving to Gitlab.

All the bad experiences I'm reading in the comments helped me realize it's time to move to Gitlab.

Too bad my company still doesn't want to migrate (too many integrations with Github sadly), even considering all the downtimes in the past few months which have impacted us significantly.

https://dev.to/yg/how-i-got-two-letter-username-on-github-i1... possible reason ?

I faced the same issue. Had to raise a ticket and GitHub basically reopened it after some duration (can't remember how long). The deactivation was due to an automated script apparently.

Had a similar thing happen to me. I once travelled to Cuba and checked GitHub one. My account was suspended but with some complaining it was quickly restored after they needed real proof of me.

Always host company backup local repo in case of emergencies also look at https://sr.ht/

We really need ForgeFed and federated source hosting platforms

I'm sorry to break it to you. But that's basically want you agreed to by accepting their terms of service:

"GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time."

https://docs.github.com/en/github/site-policy/github-terms-o...

People, please read and question terms of online services.

> Save Open source developers!

You do not need GitHub for this.

Just self-host on a GitLab or Gitea instance to avoid this nonsense of destroyed logins and account suspensions.

I think this is the little push I needed to move to my own gita instance.

Thank you for sharing, and I wish you the best resolution possible.

Mistakes happen and hopefully this was just one of them. The alternative is slightly too difficult to bear.

Hope you get your account back soon.

Wait you can get sponsors on github?

My gosh, that's watch happened. and I was thinking about some fail in server.

While this issue might appear small, even a "mistake", and would probably be resolved to OP's satisfaction (wishing them all the best!), it truly is time for entrepreneurs to flock together and start building alternatives to Github.

Could have been one if those Indian judges, who flagged it. They are on quite a ride recently.

Your change.org petition says 08/07/2020 which hasn't happened yet. Not in the USA at least :)

You should probably change that to 07/08/2020 if you're targeting American audiences.