Fake "Security Alert" issues being posted on GitHub

cyclone

Beware of fake "security alert" issues being posted on GitHub. My cyclone-github account was targeted this morning, so this is actively in the wild.

https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/

Do not open the phishing URLs as they are scams.

Phishing attempt on my GitHub account:
https://github.com/cyclone-github/metamask_pwn/issues/3

Pasted text from fake "Security Alert" issue:

[djiazz](https://github.com/djiazz)
opened [5 hours ago](https://github.com/cyclone-github/metamask_pwn/issues/3#issue-2923058165)
Security Alert: Unusual Access Attempt
We have detected a login attempt on your GitHub account that appears to be from a new location or device.

Login Information
Location: Reykjavik, Iceland
IP Address: 53.253.117.8
Device: Unrecognized
If you recognize this activity, no further action is required. However, if this was not you, we strongly recommend securing your account immediately.

Steps to Secure Your Account
Update your password to prevent unauthorized access: [Change Password](https://github.com/login/oauth/authorize?client_id=Ov23liQMsIZN6BD8RTZZ&redirect_uri=https://github-com-auth-secure-access-token.onrender.com/auth/callback&scope=repo%20user%20read:org%20read:discussion%20gist%20write:discussion%20delete_repo%20workflows%20workflow%20write:workflow%20read:workflow%20update:workflow)
Review and manage active sessions: [Check Recent Activity](https://github.com/login/oauth/authorize?client_id=Ov23liQMsIZN6BD8RTZZ&redirect_uri=https://github-com-auth-secure-access-token.onrender.com/auth/callback&scope=repo%20user%20read:org%20read:discussion%20gist%20write:discussion%20delete_repo%20workflows%20workflow%20write:workflow%20read:workflow%20update:workflow)
Enable Two-Factor Authentication (2FA) for additional protection: [Set Up 2FA](https://github.com/login/oauth/authorize?client_id=Ov23liQMsIZN6BD8RTZZ&redirect_uri=https://github-com-auth-secure-access-token.onrender.com/auth/callback&scope=repo%20user%20read:org%20read:discussion%20gist%20write:discussion%20delete_repo%20workflows%20workflow%20write:workflow%20read:workflow%20update:workflow)
Contact Support
If you need assistance or suspect a security breach, visit:
[GitHub Security Support](https://github.com/login/oauth/authorize?client_id=Ov23liQMsIZN6BD8RTZZ&redirect_uri=https://github-com-auth-secure-access-token.onrender.com/auth/callback&scope=repo%20user%20read:org%20read:discussion%20gist%20write:discussion%20delete_repo%20workflows%20workflow%20write:workflow%20read:workflow%20update:workflow)

Thank you for keeping your account secure.

GitHub Security Team

Screenshot:

cyclone

Update:

The fake issue posted by djiazz, and the user's account have been removed from GitHub.

GitHub's response:
...Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response...

Full response:

GitHub (GitHub Support)

Mar 16, 2025, 9:27 PM UTC

Hi cyclone,
 
Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response.
 
Please note that our response to abuse on GitHub varies depending on the exact circumstances of each case, as noted in our Community Guidelines:
 
What happens if someone violates GitHub's Policies
 
Additional information on dealing with offensive users or content can be found here:
 
What if something or someone offends you?
 
Thank you for helping create a safe and welcoming environment for software developers.
 
Regards, 
GitHub Trust & Safety