Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs — Ravie LakshmananJul 09, 2026Developer Security / Supply Chain Security [https
What’s new: Datadog Security Labs has reported on coordinated campaigns that exploit dormant GitHub accounts to map corporate organizations. Attackers utilize automated scraping tools and old or compromised accounts to enumerate public and, in some cases, private GitHub data. The activity is designed to blend in with normal API usage, making it difficult to detect.
Who’s affected
Organizations using GitHub for version control and collaboration, particularly those with public repositories, are at risk. Attackers can gather information about public repositories, user relationships, and even clone private repositories in certain instances.
What to do
- Review and audit GitHub accounts for inactivity and consider removing or securing dormant accounts.
- Implement stricter access controls and monitor API usage for unusual patterns.
- Educate users about the risks of exposing personal access tokens and OAuth tokens.



