github 帐号被盗

看到邮件才知道。。

Hey est!

A third-party OAuth Application (FastHub) with gist, notifications, read:org, repo, and user scopes was recently authorized to access your account.
Visit https://github.com/settings/connections/applications/98387d50437fdf43d9da for more information.

To see this and other security events for your account, visit https://github.com/settings/security

If you run into problems, please contact support by visiting https://github.com/contact

Thanks,
Your friends at GitHub



第二封邮件：

Hey est!

An email address (est@x.rip) was added to your account. Visit https://github.com/settings/emails to review email addresses currently associated with your account.

To see this and other security events for your account, visit https://github.com/settings/security

If you run into problems, please contact support by visiting https://github.com/contact

Thanks,
Your friends at GitHub


第三封：

Hey est!

An email address () was removed from your account. Visit https://github.com/settings/emails to review email addresses currently associated with your account.

To see this and other security events for your account, visit https://github.com/settings/security

If you run into problems, please contact support by visiting https://github.com/contact

Thanks,
Your friends at GitHub



以前一直不重视 github 帐号安全。。。。谁会这么无聊去盗 github ？

万万没想到，还真有。。。。

但是这个被盗的姿势我没看懂。。第三方 OAuth 是如何做到全自动加到我的帐号里去的？我没有授权点击过。上网都是最新版 chrome。

不过没有设 2FA 的确是我的失误。平时 github 也就去 issue 观光为主没啥特别的用处。

所以这里也跟大家提个醒。。。。。有 2FA 的还是上 2FA 吧。。不要像我这样。。😂