Is anyone else getting spammed via GitHub recently?
Earlier today, a number of people I know have been spammed via GitHub issues and discussions, using @-mentions. Push notifications and emails sent. Very annoying because the report process for spamming on GitHub is not that quick.
Yes! I was disappointed at how many steps reporting the malicious user took. I think it was like 10 clicks to finally submit the report, almost like they wanted to make it difficult.
Oh, I thought the hot chicks were really for me…….. damn you github (and fb, email, TikTok, Twitter and so on….)
Yep.
The content of the email was:
"
Message me when you are free https://to.sv/SomeUUID
Hey All my photos and videos here https://to.sv/SameUUIDAsAbove
"
Very suspicious. I searched the URL on a malicious link lookup site and found "7 security vendors flagged this URL as malicious"
Yes, on a random discussion about editing the README I never interacted with, on a repo I like (BurntSushi's ripgrep) but do not remember interacting with, no star, no follow, no fork or anything else from me (I should star it and interact though, it's awesome).
A lady mentioning something getting wet, many mentions including me and the same type of link others mentioned.
Yes I also got one today.
Couldn't find any "report spam" or "report post" link.
Yes got it an hour or 2 ago. Totally unrelated and no idea how I got tagged.
Yes, just happened this morning... First, I received a GitHub notification without a tag (I didn't even know how it is possible), then I was tagged in a comment to a README "I’m completely nak*d Wanna see the photo" plus a link (obviously)...
Edit: It's in the "Discussions" GitHub tab.
Edit: Got a GH response:
"Our review of the account(s) and/or content named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response."
Yes, I contributed a small documentation fix to a service. I'm now assumed to be a maintainer and users tag me in issues whenever the service goes down.
These issues have hundreds of replies, and GitHub has UX problems on large issues: comments you're tagged in aren't immediately visible, which discourages reporting (it may take ~2/3 minutes to expand a conversation to find and report it).
It discourages future contributions to repos I don't maintain.
Got one, the links and repo look legit (on first glance at least). But I have absolutely no idea why I am cc'ed on it.
I'm replacing the specifics with words in "<>", but here's the title of my mail from notifications@github.com:
Re: [/] (Discussion <#number>)
Yes I got my first ever GitHub spam today :(
I did start seeing unrelated repos under topics/x
Yes. Yesterday. It was right after I commented on an issue. This is the first time I get that. The interesting thing is that the spam had users that didn't comment on the actual issue.
Is there some setting in GitHub to prevent these messages from coming?
Happened to me a few days ago. Added to a Korean GitHub, a lot of repositories that are called "pre-onboarding" or something. Anyone know what is going on?
Same for me. OnlyFans and GitHub have merged I guess.
What kind of repos is this happening for? Like is it targeting personal projects, contributions to bigger open source projects, or something else?
Yes. I nuked my GitHub email canary. The spam comes across as a mail-list thread with a thread ID.
Yes, with random GitHub users mentioned and link to some adult malicious site
Yes, I got it just now, I haven't starred that repo, or have any mentions.
Yep I literally just got one 10 mins ago and saw this thread.
Yep. First time I’ve seen anything like that on GitHub.
Yes, just got one.
Edit: and another…