Announcement

Collapse
No announcement yet.

GitHub Notification Spam and Disabling Auto-Watch on UnrealEngine GitHub Forks.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    GitHub Notification Spam and Disabling Auto-Watch on UnrealEngine GitHub Forks.

    Hey all,

    Recently, we've been made aware that a number of you have had an influx of GitHub emails from a fork of Unreal Engine that you're watching due to the fork owner granting the organization write access.

    To prevent receiving further updates on the repo, click the little Bell icon by your profile pic, choose the Watching tab and select "Unwatch" on the repos you wish to no longer receive notifications from.



    To avoid this in the future, head to your GitHub account settings, select "Notifications, and uncheck the "Automatically watch repositories" option:



    In the short term, you can also filter messages from notifications@github.com in your email client to avoid the current clutter. You'll want to revert that filter once you've made the above edits so you'll still receive notifications on repos you do want them from.

    If you have any questions, let me know!
    Attached Files
    Last edited by Stephen Ellis; 07-26-2016, 06:36 PM.
    Let's Connect [Twitter]

    #2
    This is more than just watcher spam though. It is malicious intent. I hope Epic is talking with Github because this seems like something that shouldn't happen.

    Comment


      #3
      Originally posted by John Vanderbeck View Post
      This is more than just watcher spam though. It is malicious intent. I hope Epic is talking with Github because this seems like something that shouldn't happen.
      We are in talks with GitHub about how to avoid this sort of behavior in the future.

      Thanks for your concern, John!
      Let's Connect [Twitter]

      Comment


        #4
        I got like 100 emails from github. And I wasn't watching teardemon's repos at all - never heard of him before.
        My game: Wetwork
        http://jcgames.lv

        Comment


          #5
          This needs to be taken seriously. This leaked a large number of emails for people and was almost certainly malicious in nature. It's not a "oops" change your settings type of event.

          Comment


            #6
            The original fork is gone, we can't remove ourselves from it (unless that was done automatically).

            I'm still being added to new forks created from forks created from it. I've been added to about 14 different forks now.

            Github doesn't seem to be on the ball.

            Temporarily disabled the auto-watch, but that doesn't solve the issue, it just stops the symptoms (like the US medical industry!). Need to sort out the root cause of it all.

            Comment


              #7
              Originally posted by KevinHolbrook View Post
              This needs to be taken seriously. This leaked a large number of emails for people and was almost certainly malicious in nature. It's not a "oops" change your settings type of event.
              I agree, I know people are trying to find someone to blame but in all honesty this isnt the first time Ive been spammed through Github thanks to being associated with Epic on there. The way I see it is this person must have had both an Epic and Github account, that there is no real checks on anyone creating Epic accounts (Github Im alittle less concerned about for obvious reasons) and no sort of protections like account aging.

              The issue I see is that Epic are adding features to the launcher to protect their login servers while not protecting account creation process barely at all, now you want to make it easy for people to sign up but you need to think about your 2 million active users too whose security is important. Im just glad this exploit wasnt that far reaching and I think Epic do need to take security seriously because next time an "oops, here fix these settings" might not be enough

              Comment


                #8
                Some people ... just ... grrhhh.. I am still getting these bogus subscribes. Some are 404, but some are forks with gibberish user names.

                Comment


                  #9
                  Originally posted by serioussam909 View Post
                  I got like 100 emails from github. And I wasn't watching teardemon's repos at all - never heard of him before.
                  Me either. The solution listed above isn't really workable, I'm not watching any repos other than my own organization's, and can't turn off notifications because of my day job. I guess the only real short term solution is to leave Epic org until GitHub gets it's act together
                  @tabletopgeneral on Twitter

                  Comment


                    #10
                    Originally posted by KevinHolbrook View Post
                    This needs to be taken seriously. This leaked a large number of emails for people and was almost certainly malicious in nature. It's not a "oops" change your settings type of event.
                    Did it actually leak out anyone's email details? The spam was annoying for sure, but I wasn't aware of any private information being released.

                    Comment


                      #11
                      Thanks, Chance Ivey. Was wondering why all those emails were coming in randomly.
                      check my blog - cybereality.com

                      Comment


                        #12
                        thanks

                        Comment


                          #13
                          I was ADDED to these ... never even heard of them before. Clearly malicious.

                          EDIT : While typing this I was auto subscribed to 6 more forks and received 93 more emails
                          Last edited by Kenomica; 07-27-2016, 01:40 AM.

                          Comment


                            #14
                            See what I mean?

                            Comment


                              #15
                              This thread took a strange turn....

                              Comment

                              Working...
                              X