Mitigation of a Hijacked Account

I am trying to figure out a plan as a preventive measure of what I can do to protect my assets if my GitHub account is hijacked. I have been the target of a series of attacks of which the attacker now has access to all of my online accounts, passwords, computer, & cell phone. They also happen to live below me and because of the close proximity they are able to surveil everything in my house using SDR transceivers, including all keystrokes and everything I write down. I am now in a position where I am at risk of having my GitHub account hijacked. I have been in contact with GitHub support about what I can do to associate my personal information to my GitHub account, so that I am able to recover a hijacked account in the event this takes place; however, I was told that they do not offer anything that would allow me to tie my personal information to a personal account.

Are there any measures I can take to allow myself to recover my GitHub account in the event that it is hijacked? Does an enterprise account offer further security protection that would mitigate this? Or is there anything else I can do to prevent this/mitigate this if it happens?

:wave: Welcome!

Honestly, I’m not sure anyone other than law enforcement will be of much use to you in this scenario. We don’t really have any way of protecting someone if literally all their equipment is compromised. I’m not sure anyone does.

If you have a company (and paperwork to prove it), you can create an organisation on the Corporate Terms of Service.

This would mean that the organisation is owned by the real life company, over and above any rights the owner's personal account might have. This means that if your personal account is compromised, you can contact support with proof of the company and of your authority within that company (must be a signing authority), and they will have the legal department review this. If everything is in order, the organisation ownership can be passed to a new personal account.

That said, this is in place for extreme and uncommon situations. It isn’t a fast process and it doesn’t protect your content during the time that the attacker has control of your personal account.

I wish we could be of more assistance, but I think this might be outside of our capabilities.

Thanks for the reply!

I was under the impression that there would be some sort of way to tie my personal identity to the account. At which point if the account was hijacked I would be able to prove my personal identity, and have the repositories at least restored through tracing the audit trail. I understand it would most likely not be a viable solution to actually track down the source of who hijacked the account, but at least it would be a preventive measure to allow me to restore my source code so that everything is not completely lost.

After creating an organization under the corporate TOS, what is the workflow for mitigation in cases such as this? Would [at least a copy] of my repositories be recoverable through tracing the audit trail? Does upgrading to an enterprise account also provide these preventive measures, or does an Enterprise account differ from creating an organization under Corporate TOS?

There’s no extra benefit to paying, if that’s what you’re asking.

If you have an organisation on the Corporate Terms of Service, and your personal account is unrecoverable, you would have to contact support - they will look for supporting documentation proving that you are an authorised signatory for the company named when the organisation was set up. Then it is reviewed by legal.

I would expect the process to take an absolute minimum of 2 weeks, and likely longer. This will not be an adequate solution if you lose accounts regularly.

Provided support is notified of the breach as soon as it happens (or within a couple weeks) all work in the organisation should be recoverable even if it was deleted.