Security News > 2022 > September > Hackers stealing GitHub accounts using fake CircleCI notifications
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
"While GitHub itself was not affected, the campaign has impacted many victim organizations," GitHub informs in an advisory on Wednesday.
If the compromised account has organization management permissions, the hackers create new user accounts and add them to the organization to maintain persistence.
GitHub has suspended accounts where signs of fraud could be identified.
If you haven't received a notice from GitHub but have valid grounds to believe you may be a victim of the phishing campaign, the recommendation is to reset your account password and 2FA recovery codes, review your PATs, and, if possible, start using a hardware MFA key.
GitHub also lists these security checks that all users should regularly perform to ensure that stealthy hackers have not compromised their accounts.