I recently received a notification for modifications on a repo of another user to which I had supposedly participated, and for which I made 12 commits. The problem is I have never made any of these commits (and have never heard of the user or repo before).
I have changed my account password by security (I do not have any ssh keys authorised), but this doesn’t seem like a hacked account behavior (the commits look like an educational blog project). In addition, although, “my” commits do show up on the repos page, they do not show on my profile activity overview (no commits over the period where they supposedly were made: October 5 → October 13th).
Does someone have an idea why this would have happened and how to avoid it ?
The repo which I have never commited to but am listed as contributor:
Thank you for your help,