Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs — Ravie LakshmananJul 09, 2026Developer Security / Supply Chain Security [https

dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs

What’s new: Datadog Security Labs has reported on coordinated campaigns that exploit dormant GitHub accounts to map corporate organizations. Attackers utilize automated scraping tools and old or compromised accounts to enumerate public and, in some cases, private GitHub data. The activity is designed to blend in with normal API usage, making it difficult to detect.

Who’s affected

Organizations using GitHub for version control and collaboration, particularly those with public repositories, are at risk. Attackers can gather information about public repositories, user relationships, and even clone private repositories in certain instances.

What to do

  • Review and audit GitHub accounts for inactivity and consider removing or securing dormant accounts.
  • Implement stricter access controls and monitor API usage for unusual patterns.
  • Educate users about the risks of exposing personal access tokens and OAuth tokens.

Sources