Recently, we’ve been made aware that a number of you have had an influx of GitHub emails from a fork of Unreal Engine that you’re watching due to the fork owner granting the organization write access.
To prevent receiving further updates on the repo, click the little Bell icon by your profile pic, choose the Watching tab and select “Unwatch” on the repos you wish to no longer receive notifications from.
In the short term, you can also filter messages from [EMAIL=“notifications@github.com”]notifications@github.com in your email client to avoid the current clutter. You’ll want to revert that filter once you’ve made the above edits so you’ll still receive notifications on repos you do want them from.
This is more than just watcher spam though. It is malicious intent. I hope Epic is talking with Github because this seems like something that shouldn’t happen.
This needs to be taken seriously. This leaked a large number of emails for people and was almost certainly malicious in nature. It’s not a “oops” change your settings type of event.
The original fork is gone, we can’t remove ourselves from it (unless that was done automatically).
I’m still being added to new forks created from forks created from it. I’ve been added to about 14 different forks now.
Github doesn’t seem to be on the ball.
Temporarily disabled the auto-watch, but that doesn’t solve the, it just stops the symptoms (like the US medical industry!). Need to sort out the root cause of it all.
I agree, I know people are trying to find someone to blame but in all honesty this isnt the first time Ive been spammed through Github thanks to being associated with Epic on there. The way I see it is this person must have had both an Epic and Github account, that there is no real checks on anyone creating Epic accounts (Github Im alittle less concerned about for obvious reasons) and no sort of protections like account aging.
The I see is that Epic are adding features to the launcher to protect their login servers while not protecting account creation process barely at all, now you want to make it easy for people to sign up but you need to think about your 2 million active users too whose security is important. Im just glad this exploit wasnt that far reaching and I think Epic do need to take security seriously because next time an “oops, here fix these settings” might not be enough
Me either. The solution listed above isn’t really workable, I’m not watching any repos other than my own organization’s, and can’t turn off notifications because of my day job. I guess the only real short term solution is to leave Epic org until GitHub gets it’s act together
So yea… my inbox has been filled with this ff-ed up spam as well.
So besides getting about 10-20 answerhub spams a day from spambots saying I can now watch finding dory, get my male reproductive organ enlarged, or play pokemon go in a semi asian language, I am now automatically subscribed to random repo’s and get a brickton of updates whenever someone adds a new or comma to it.
I am afraid it wont be long until i am being pulled into a digital all sausage bitbucket filling festcontest that promotes watching dory while playing pokemon go.
Totally get it ! We’re working with GitHub to see what other provisions can be put into place to avoid this sort of behavior in the future. When developers are part of an organization and have “Automatically watch repositories” enabled, this will occur. Stay tuned for more info about how we can improve quality of life here!
Yeah, same here. Opened my inbox this morning to a dozen of these new Git spam. ugh…
As far as AnswerHub goes we are trying to delete them as fast as possible, but we are getting 100+ spam posts most days so it’s hard to keep up. I go through the previous 24 hours each morning (PST) to delete any that weren’t noticed, @Moss does the same (GMT? not sure what his timezone is) and it seems to be getting better. When I’m online I’m checking it every hour or so as well.
The filter is doing a pretty good job at catching most of it, but due to the sheer quantity of posts some will still get through. We’ve been working to improve the filter lately so hopefully it will continue to get better.
