Was my github account hacked? help

Hello. I want to ask you something. I googled my GitHub account earlier. Say my GitHub ID is test123; I searched for “test123 github”. I found something strange after searching. When I looked at it, there were two sites that are completely the same as my GitHub, as in the attached photo. When I went on the site, it was exactly the same as my GitHub in May. It’s like a copy of my GitHub from one day in May. (You can check the attached picture.)

Is this some kind of hacking? I’m asking because there’s no similar case even if I try googling. If you know what’s going on or if you’ve experienced something similar, I’d appreciate it if you could answer.

Thank you

1 Like

Hey
Do not worry, your account was not hacked.

That looks more like someone set up a fake GitHub site using scraped public data. Might be for phishing or something like that. Make sure not to enter credentials there, and it’s probably best to avoid it altogether.

That site is literally mocking GitHub.
I think I saw something like this before, right here

1 Like

How come this fake website is able to gain such strong SEO positioning on Google? We’ve already seen that it’s able to reproduce (on demand) any real GitHub user and repository, but now it seems that it’s actively trying to mimic the whole GitHub (which sounds crazy).

It may be a result of the frequent visits of people all over the world, content updates in a short period of time or a large number of website visits in a short period of time.

That’s what I’m thinking about.

“Mimicking” everything isn’t that hard, because they don’t need to: A reverse proxy can take care of that, probably with a cache to avoid hitting GitHub rate limits if they manage to trick enough people for it to be relevant. From there they only need to capture login data sent through the proxy.

I’ve implemented similar things for tests at work: We were testing communication between a mobile app and its backend server. I implemented a reverse proxy that returned invalid answers (e.g. broken data) for certain requests, and forwarded everything else to the backend. That took something like 200 or 300 lines of Python, including a REST-ish API to configure which responses to manipulate. The main technical difference is that for a test system with one instance of the app being tested, performance and rate limits didn’t matter, so I didn’t have to worry about caching. Of course there’s a big ethical (and legal) difference between testing and phishing. 🙂

2 Likes

True, but I was impressed by the scale of it. I’ve checked to see if the fake site would show me some recently new, small and unknown repositories, and it did. But in some cases I noticed a significant lag, so probably it was fetching data in the background, on the fly. But for other repos, I had the impression they were already on the fake site cache. Either this has been going on for years, or they have a strategy for downloading contents (e.g. following up on users’ recent activity, etc.) just to make the website look more legit (if it was outdated it would immediately raise suspicion).

The point is that GitHub is really huge, and even a single repository has so many sub-pages, with code, issues, stats, etc. It doesn’t seem like the work of a single hacker sitting in a flat; there must be some serious horse-power behind this enterprise.

1 Like
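
The replies above point out that a proxying clone serves GitHub's real page content, which leaves the hostname as the only thing that can be checked before credentials are entered. The following is an added example, not code from any poster in this thread: a strict host check in Python, where the trusted domain setting and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: credentials belong only on github.com and its subdomains.
TRUSTED_DOMAIN = "github.com"

def is_genuine_github(url: str) -> bool:
    """True only for an https URL whose host is github.com or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    try:
        # Normalise to ASCII so homoglyph hosts become xn-- labels and fail the match.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Exact match or a dot-separated subdomain; a bare suffix match is not enough.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

# Constructed sample URLs (not observations from the thread).
SAMPLES = [
    "https://github.com/test123",                 # genuine
    "https://gist.github.com/test123",            # genuine subdomain
    "https://GitHub.com./login",                  # case and trailing dot, still genuine
    "http://github.com/login",                    # not https
    "https://github.com.mirror.example/test123",  # real name used as a subdomain label
    "https://github.com@mirror.example/login",    # real name in the userinfo part
    "https://notgithub.com/login",                # suffix without a dot boundary
    "https://g\u0456thub.com/login",              # Cyrillic letter in place of "i"
]

def triage(urls):
    """Map each URL to 'ok' or 'do-not-log-in'."""
    return {u: "ok" if is_genuine_github(u) else "do-not-log-in" for u in urls}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:14} {url}")
```
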