NPM Account Recovery and Support Phishing #202216
Replies: 2 comments
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
Update, it looks scammy but appears to be valid. closing. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Bug
Body
Several months back I effectively pre-registered a package under a new account. I'm at a point where I can publish my package, and am now unable to access my account.
I saw that 2fa changes occurred. I never had 2fa setup, and am now unable to access my account.
I went to the support page on the official npmjs.com site, followed the steps to submit a request for resetting 2fa on my account. The next day, I received an email with a support ticket # from a suspicious email address (npm@githubsupport.com) which is a known fake email address. The email asked for the last 8 characters of my auth token to be responded to via email (NOTE TO OTHERS, DON'T DO THAT). There wasn't really much else in the email.
TL;DR; I can't access my account, and somehow triggered a phishing attempt instead of receiving emails from official npm support only after submitting my request.
Beta Was this translation helpful? Give feedback.
All reactions