Recently, we’ve been made aware that a number of you have had an influx of GitHub emails from a fork of Unreal Engine that you’re watching due to the fork owner granting the organization write access.
To prevent receiving further updates on the repo, click the little Bell icon by your profile pic, choose the Watching tab and select “Unwatch” on the repos you wish to no longer receive notifications from.
In the short term, you can also filter messages from notifications@github.com in your email client to avoid the current clutter. You’ll want to revert that filter once you’ve made the above edits so you’ll still receive notifications on repos you do want them from.
This is more than just watcher spam though. It is malicious intent. I hope Epic is talking with Github because this seems like something that shouldn’t happen.
This needs to be taken seriously. This leaked a large number of emails for people and was almost certainly malicious in nature. It’s not an “oops” change your settings type of event.
The original fork is gone, we can’t remove ourselves from it (unless that was done automatically).
I’m still being added to new forks created from forks created from it. I’ve been added to about 14 different forks now.
Github doesn’t seem to be on the ball.
Temporarily disabled the auto-watch, but that doesn’t solve the problem, it just stops the symptoms (like the US medical industry!). Need to sort out the root cause of it all.
I agree, I know people are trying to find someone to blame but in all honesty this isn’t the first time I’ve been spammed through Github thanks to being associated with Epic on there. The way I see it is this person must have had both an Epic and Github account, that there are no real checks on anyone creating Epic accounts (Github I’m a little less concerned about for obvious reasons) and no sort of protections like account aging.
The I see is that Epic are adding features to the launcher to protect their login servers while not protecting account creation process barely at all, now you want to make it easy for people to sign up but you need to think about your 2 million active users too whose security is important. I’m just glad this exploit wasn’t that far reaching and I think Epic do need to take security seriously because next time an “oops, here fix these settings” might not be enough.
Me either. The solution listed above isn’t really workable, I’m not watching any repos other than my own organization’s, and can’t turn off notifications because of my day job. I guess the only real short term solution is to leave Epic org until GitHub gets its act together.
So yea… my inbox has been filled with this ff-ed up spam as well.
So besides getting about 10-20 answerhub spams a day from spambots saying I can now watch finding dory, get my male reproductive organ enlarged, or play pokemon go in a semi asian language, I am now automatically subscribed to random repos and get a brickton of updates whenever someone adds a new or comma to it.
I am afraid it won’t be long until I am being pulled into a digital all sausage bitbucket filling festcontest that promotes watching dory while playing pokemon go.
@Ivey: Reducing spam is just hiding the symptom, the problem is that push access is being granted to strangers in an unsolicited way.
Totally get it! We’re working with GitHub to see what other provisions can be put into place to avoid this sort of behavior in the future. When developers are part of an organization and have “Automatically watch repositories” enabled, this will occur. Stay tuned for more info about how we can improve quality of life here!