Account Compromised – Password Changed and Unauthorized 2FA Enabled #200714
Replies: 3 comments 1 reply
-
|
I am really sorry to hear this. Falling victim to malware (specifically an infostealer that hijacks your browser session cookies) is incredibly stressful. However, you've already handled the immediate steps perfectly by securing your email and opening an official support ticket. To answer your specific questions and give you some peace of mind: 1. Can an account be recovered after an attacker changes the password and enables 2FA?Yes, absolutely. GitHub Support deals with this exact scenario daily. Since you still have full access to the primary email address and acted quickly, your chances of a successful recovery are very high. GitHub's internal security team has the authority to completely remove the unauthorized 2FA and restore your access once ownership is verified. 2. How long does GitHub Support take to respond?Because account compromises require strict manual verification to ensure the account goes back to the rightful owner, it typically takes anywhere from 3 to 10 business days. 3. What verification will GitHub ask for?To prove you are the true owner, GitHub Support will likely ask you for technical evidence that an attacker wouldn't have. Be prepared to provide:
4. What else should you do right now while waiting?Since your PC was likely infected with malware, your active sessions for other websites are also at risk. Take these steps immediately:
Hang in there! You’ve done the right things so far. The wait is the hardest part, but the GitHub team will help you get your profile back. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Update (More than Two Weeks Later)Hello everyone, I wanted to provide an update regarding my GitHub account recovery and ask for some guidance. It has now been more than two weeks since I submitted GitHub Support Ticket #4527956 regarding my compromised account. What happenedOn July 1, 2026, I received two security emails from GitHub:
I did not perform either of these actions. I still have full access to the original email address associated with the account and secured it immediately by changing its password. Current status
I have intentionally not opened duplicate support tickets because I understand that doing so is discouraged. I still have:
I am ready to provide any additional verification GitHub Support requires. My questionHas anyone experienced a similar delay with an account compromise case?
@tobiager I apologize for mentioning a maintainer directly. I completely understand that only GitHub Support can recover an account. I am only looking for advice on the proper process for following up on an existing support ticket after more than two weeks without a response. Thank you. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Question
💬 Feature/Topic Area
Other
Body
GitHub Account Compromised - Password Changed and Unauthorized 2FA Enabled
Hello everyone,
I would like to ask for advice from anyone who has experienced a similar situation.
My GitHub account was compromised. I received an email from GitHub notifying me that my password had been changed, and about one minute later I received another email stating that two-factor authentication (2FA) had been enabled. I did not perform either of these actions.
Current situation:
I also suspect that my Windows computer may have been infected with malware after I downloaded software from an untrusted source, so I am currently scanning my system and securing my other accounts.
I understand that only GitHub Support can recover an account in this situation. My questions are:
I appreciate any advice or experiences you can share.
Thank you.
Beta Was this translation helpful? Give feedback.
All reactions