I had enabled 2FA using a mobile number. Today, when I tried to log in from a different device, during the 2FA verification step, I received the code from a consumer phone number [+91 7906173284], stating the TOTP as “Github authentication SDT”. Being skeptical, I opted to resend the OTP and then received a different OTP as “Github authentication code”.
I rechecked the number with Truecaller and found that the number belongs to someone named “Sunita Massi” from Uttar Pradesh, India.
As an SOP, I have changed my password and 2FA verification method.
But can anyone please help me understand what is going on? What is GitHub authentication SDT, and why have I received my 2FA OTP from a consumer mobile number? Are my account and the old password secure?
P.S.: I have not found any suspicious SAML log-in session.