
Ask HN: My GitHub account got suspended without any notice - ygcodes
Hello friends,<p>I&#x27;m a Full Stack Developer from India. I&#x27;m a maintainer at Gatsby, Open Sauced and Triager at ExpressJS, Nest.land, JSHttp etc. I use GitHub a lot, but recently my account got suspended midnight without any notice, From my knowledge I haven&#x27;t spammed GitHub, I review 3 - 6 PRs in Gatsby per day, It&#x27;s been a week without GitHub, I have three sponsors in GitHub, they are asking me tons of questions and one of my sponsor stopped sponsoring me (my payout balance got reduced). All of my office work got stopped, I&#x27;m the admin of the org that is used in our company. All employees now don&#x27;t have access to the repo because it is returning 404. I got support from lot of people in Twitter but GitHub is not responding to my ticket for a week. I also created a petition is change.org <a href="https:&#x2F;&#x2F;www.change.org&#x2F;p&#x2F;github-inc-my-github-account-suspended-for-no-reason" rel="nofollow">https:&#x2F;&#x2F;www.change.org&#x2F;p&#x2F;github-inc-my-github-account-suspen...</a> some people supported me over there too. It would be great if GitHub unsuspends me.<p>My support ticket number: 763327<p>GitHub Profile: <a href="https:&#x2F;&#x2F;github.com&#x2F;yg" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;yg</a><p>Save Open source developers!<p>Hope Nat Friedman and GitHub will see this!
======
gojomo
Had a similar thing happen to me with Github a while back (pre-Microsoft
acquisition).

Even as a paying customer for many years, my account was disabled – without
even receiving an email warning. I only discovered when browsing issue
histories where I _knew_ I'd left detailed comments, and noticing my comments
gone without even a note about deletion, leaving threads nonsensically
fragmented.

When I tried to login, I was only faced with a generic "activity that looked
malicious" message – but no hint of what that might have been. Once I
complained, I was restored quickly – but if I'd been on extended vacation, or
perhaps even passed away, there'd have remained giant holes, indefinitely, in
projects I'd contributed to.

Was anything I legitimately did as myself suspect? (They couldn't say.) Was
some third party trying to get access – or did they even briefly succeed,
perhaps with some compromised credential somewhere? (That was my fear – but
they couldn't say & there was no evidence of compromise in what I could see.)

After several angry emails about how they shouldn't accuse a longtime paying
account in good standing of 'malicious activity' – creating fear of an account
compromise of unknown extent – they finally said no, it wasn't unauthorized
access (or attempts thereof) but some comment (unspecified in age/topic) that
a filter deemed similar to other malicious comments.

I'd paid them ~$600 over the previous 5 years, and still had an active
subscription with working billing details. My account was nearly a decade old
with a wide variety of contributions & comments. But still, an automated
system with no apparent human review disappeared my account, without even
generating a notification.

~~~
mcv
For a paid account this is utterly unacceptable. For a free account I can
kinda understand it, although it'd still be nice to get some automated
explanation. An automated system that can't provide a good reason to disable
an account, shouldn't be disabling accounts at all.

If this is a thing that happens at Github, I guess that's another reason to
check out Gitlab instead.

~~~
joepie91_
And this sort of thing is why some of us have been endlessly warning that it's
probably a bad idea to centralize all of the open-source ecosystem onto a
single centralized, proprietary, commercial platform.

Not that those warnings were heeded, of course, as usual.

~~~
codegeek
Technically git is free and you can self host. The issue is that the power of
money cannot be ignored. Github has become the defacto centralized OSS
ecosystem because it is free and can afford to be free due to the money they
have.

I would argue that we should encourage more platforms (paid) that can host git
and not just depend on github or gitlab. But those 2 are successful because
they were some of the early ones and then got a lot of money/funding. There
may be other alternatives but no one wants to put their code with a small
risky company that may not exist tomorrow. IF we can solve that problem, I
think we will be ok.

------
zomglings
It is ridiculous that GitHub has not even responded to your support ticket.

To anyone reading from GitHub, this is making me rethink my choice of GitHub
as a platform, and I'm sure the same is true for other people reading this
post. Your reputation is very much at stake.

To anyone reading this from Gitlab, how easy is it to migrate CI/CD off of
GitHub Actions to Gitlab?

~~~
Yanu-3452
Careful about leaping to conclusions, we're hearing one side of a story here.

~~~
smoe
Well the problem seems to be that the other side can't be bothered to give
their side of the story.

Which is not something unheard of when dealing with large companies.

If true,that they did not respond, that would be much more worrisome to me
than whatever the reason for the ban might have been.

~~~
hinkley
The other side already waived their right to be heard by closing an account...
pardon, _another_ account, with zero communication.

That was the time to start sharing “your side”.

------
bibinou
Hi Yogi, I'm guessing your Github account has been hijacked.

Support won't respond to your emails because it could be the attacker
impersonating you, or he could still have access to your email and get info
that way.

This is Standard Operating Procedure I've seen applied on stolen accounts in
MMO videogames involving stolen credit cards and organized crime. Sometimes
wait time was 6 months with no contact, because they needed to keep the
evidence under seal for the police investigation and avoid tipping off the
attackers.

Your 2-letter nickname and access to important projects makes your account a
high-value target.

Did you have 2FA enabled?

edit: usually the email account got hijacked first, defeating the 2FA/1-time
token. SMS is also easily hackable.

~~~
fishywang
If GitHub really has reason to suspect that op's account is hijacked, they
should be able to figure out at least one of op's email address (simply by the
fact that email address is attached to the account long before the hijacking
happened), and send some communications there? Or provide an official process
of "we suspended your account because we have reason to suspect that your
account is hijacked. we won't response to your emails either, this is how to
contact us to have your account reinstated"?

Also op said they do have 2fa, which makes this excuse even poorer.

~~~
ktm5j
A malicious party could have access to OP's other accounts, maybe OP reuses
passwords. It's in the realm of plausibility that they are being cautious not
to alert the attacker. If they/authorities want to use the opportunity to
observe and collect evidence then I think these actions on GitHub's part are
somewhat reasonable, albeit kind of shitty.

------
trollied
It’s worth noting that the OP has recently acquired a 2-letter username from
someone else & blogged about it: [https://dev.to/yg/how-i-got-two-letter-
username-on-github-i1...](https://dev.to/yg/how-i-got-two-letter-username-on-
github-i12)

I imagine there’s more to this than disclosed.

~~~
Yhippa
I read the article. What's fishy about this?

~~~
ocdtrekkie
There's just a decent likelihood that in the past two weeks some sort of
dispute has been made about this. Maybe the original owner contacted them, and
they are trying to decide what to do about it?

If there's a dispute on something that I don't know how to resolve, just
disabling it until I get advice from a supervisor sounds like a good strategy
to me.

------
simonkafan
In Austria there is a law in place saying if a company has a monopoly (e.g.
public transport) or a quasi-monopoly (e.g. only supermarket in a 100 miles
radius) the company is required to serve any customer and is not allowed to
turn any down.

It is time that all countries introduce laws that prohibit online monopolies
from denying access to their users without good reasons.

~~~
d0100
Cue the "it's not a monopoly" crowd.

I think we need another word for these companies that are way to big and
"monopolize" certain online spaces/communities.

~~~
jedimastert
I think that many people confuse "de facto standard" with monopoly. There are
certainly other services that can do most if not all of the things Github
does, it just doesn't have the audience.

Does GitHub do anything to actively prohibit the use of it's competitors?

~~~
smoe
Think for private repos gitlab has been a viable and fairly popular
alternative for a long time.

I reckon for open source the "de facto standard" plays a much bigger role,
because of the user expectation to find projects on Github.

------
YooLi
I had my username (three letters, my initials) taken and replaced with
initials + underscore + number (xxx_123). No comment from GH or even alert
they were changing it. I guess someone with friends at GH decided they wanted
it. What can you do...

~~~
notdang
that's almost what the author did here, they found an "unused" github handle
that they liked: "yg" and wrote to support to claim it. No need to have
friends at GH.

[https://dev.to/yg/how-i-got-two-letter-username-on-
github-i1...](https://dev.to/yg/how-i-got-two-letter-username-on-github-i12)

------
jacquesm
HN is _NOT_ a support channel for Github, Apple, Microsoft, Paypal, Google and
a 100 other services out there that have piss-poor customer support. If the
only way to get a rise out of these companies is to abuse HN then that should
be indication enough whether or not you should route a critical part of your
business through them.

~~~
pedrogpimenta
No but these kind of posts raise awareness of problems that affect many many
people. I'm happy that this becomes public for the guy in question and for
everyone of us.

~~~
jacquesm
You can see these on a daily basis by now. Just the other day, major Youtube
channel blocked, Gsuite accounts suspended without warning (after a decade of
forking over cash) and so on. The only warning you will ever need is this one:
Don't trust the cloud, don't trust cloud providers and make sure your mission
critical path is only tied to things that you can control or that you have a
'hot' spare standing by for. Otherwise sooner or later you _will_ be bitten.

~~~
mako254
You are absolutely right - you can't just handover a kill switch for your
business to a megacorp. However, there are a lot of instances where
alternatives are not viable because of the same megacorps. For example, email
is a major online ID and being locked out of it can be disastrous even for an
individual. Ideally, you would want an email server of your own - but then the
2 major email providers simply junk the mail from small servers even when they
have good spam filter score. Similar story about search engines directing
traffic to imposters. There are no reasons to believe that this is
unintentional. This wouldn't be a problem if everyone else had the same
priorities as you. What alternative do we have other than to loudly shame them
where it matters and get as many people to off those platforms?

~~~
DNied
So far, only Microsoft has been a nuisance to my personal SMTP server (there's
an open issue about Microsoft's dubious blacklists on GitHub, with several
participants:
[https://github.com/MicrosoftDocs/microsoft-365-docs/issues/5...](https://github.com/MicrosoftDocs/microsoft-365-docs/issues/592#issuecomment-558130249)).

Just a little part of why I hate and mistrust that company.

~~~
BenjiWiebe
Me too. I've repeatedly had deliverability problems to Microsoft. Everywhere
else has had no problems apart from the initial setup when I didn't know what
I was doing.

------
jtolds
Incidentally, what terrible GitHub support that the best way to resolve this
is to get help from Twitter or front page here.

~~~
save_ferris
This is true of far too many major platforms. The only way to get resolution
is to yell as loudly as you can on social media or forums and hope it goes
viral.

Truly terrifying how integral the internet has become and yet due process is
nowhere to be found.

~~~
jlokier
I was blocked from my bank account for a week, with my outgoing rent stuck in
it.

Support (chat only) was mostly unavailable and would disappear before
answering, or ask me for things at times I was asleep and be gone when I woke,
or send me around in circles.

After some research I picked up that their Facebook team was much better than
customer services. So I DM'd someone in the bank's Facebook team, and my
account was unblocked within 20 minutes.

------
gus_massa
This is not a "Show HN:", please change the title to "Ask HN:"

Which is your latest commit in
[https://github.com/gatsbyjs/gatsby/commits/master](https://github.com/gatsbyjs/gatsby/commits/master)
? (Is this the correct project?)

~~~
qu4k
c6593b93e8d85a8cd3d2ead3fa05b9b37f362e18 this was his last commit

~~~
ygcodes
Yes it's 6 days ago!

~~~
gus_massa
For the lazy
[https://github.com/gatsbyjs/gatsby/commit/c6593b93e8d85a8cd3...](https://github.com/gatsbyjs/gatsby/commit/c6593b93e8d85a8cd3d2ead3fa05b9b37f362e18)

It has five authors (one is a bot). The fourth one is the OP but the picture
does not have a link to the profile because it is suspended.

~~~
saagarjha
TIL GitHub pulls out Co-authored-by: lines

------
ViViDboarder
If you’re doing anything mission critical on GitHub (or even if you aren’t), I
highly recommend hosting your own Gitea or GitLab server and, at the very
least, use it to mirror to or from your Github repos.

Gitea is very lightweight and simple to manage. I use mine as my primary
server for personal projects and mirror them to my GitHub account for the
network effect. I also have my server mirroring several upstream projects from
GitHub to run my Drone build server against, but it also makes sure I can
access them should anything happen to the upstream or to my account.

------
marcinzm
That's pretty bad, something for startups to keep in mind if they plan to use
Github for their company I guess.

~~~
IncRnd
At our shop we are happy using Github Enterprise. There may be something
unstated in this page's story.

~~~
MattGaiser
Is your happiness a happiness of never having a problem that needed a human to
resolve or a happiness of having a problem and Github resolving it?

One is an unknown and the other is an counterpoint to this.

~~~
IncRnd
> Is your happiness a happiness of never having a problem that needed a human
> to resolve or a happiness of having a problem and Github resolving it?

It's due to paying github and getting highly technical support. The tooling is
also superior for our purposes.

I am not saying that everyone needs to pay github. There is a good chance,
however, that there was a reason this person's account was suspended. If this
was due to a mistake, a straightforward contact letter would have more results
than starting an internet petition.

------
clairegraham
I had the same thing happen last year, after the Microsoft acquisition. I was
migrating my repos to a new github account and it was automatically suspended.
No email notice or anything. I guess they saw two different accounts logged in
at the same IP and that was enough to trigger it.

I contacted them and explained what I was doing and they reinstated it, but I
always thought Github allowed and even encouraged "machine users" and thus
multiple accounts.

I was definitely annoyed with their heavy-handed approach and lost trust; they
could have emailed me first and given me a warning before just automatically
shutting my account down and restricting access, assuming I'm a bad actor.

------
mariopt
I've seen similar stuff happening when trying to block spammers. I worked for
a major publishing company and we had an issue with the comments, too many
spammers. After a review it has easy to see that 90% of the ip address came
from India, blocking India was an easy fix although it is unfair for good
citizens.

Google your office IP address, maybe it got listed on some spam forum and
GitHub and others used it.

Given you have sponsors, this is a pretty big mistake on their behalf.
Probably just a mistake, hope they restore your account.

------
fareesh
Probably something to do with this? Mistaken identity maybe

[https://dev.to/lucis/how-i-got-the-github-username-of-my-
dre...](https://dev.to/lucis/how-i-got-the-github-username-of-my-dreams-5db5)

~~~
harwoodr
Or even this one...

[https://dev.to/yg/how-i-got-two-letter-username-on-
github-i1...](https://dev.to/yg/how-i-got-two-letter-username-on-github-i12)

Perhaps someone is trolling him as a result...

~~~
robaato
How times change - comment from OP:

[https://dev.to/yg/comment/11cog](https://dev.to/yg/comment/11cog)

    
    
       That's awesome! Agreed they have the best support team I ever have seen!

------
villgax
[https://dev.to/yg/how-i-got-two-letter-username-on-
github-i1...](https://dev.to/yg/how-i-got-two-letter-username-on-github-i12)

You probably abused API limits searching for your two letter username

------
benjaminwootton
I also got my account locked when I changed my telephone number and had the
email address associated with an old work email. They didn’t seem to be able
to unlock it, so I lost a decade worth of projects. I now keep offline
backups.

------
smoothgrammer
Always do a periodic full off-site cold backup of all your GitHub repos. It's
very easy to script and should compress down very small.

~~~
the_svd_doctor
Is there an easy way to do that ? Some script available somewhere ?

~~~
blocked_again
You can write a simple GitHub action that pushes your repo to GitLab/BitBucket
etc every 30 minutes or something.

~~~
rajesh-s
Do you know an example of this?

~~~
hundchenkatze
Here's one I found on the Actions marketplace.

[https://github.com/marketplace/actions/mirroring-
repository](https://github.com/marketplace/actions/mirroring-repository)

------
njsubedi
Whoa! I was talking about the horror stories of losing GitHub account in a
several of my latest comments/threads and I get to see another one. Why
wouldn't they send out a notice, at least, before deactivating an old, active
account?

~~~
thephyber
> Why wouldn't they send out a notice

If it was an account takeover, the malicious user would have changed the email
address on account.

~~~
njsubedi
They could send out a notice to old email when they see a recent email change.
When people change their email address in a service, that doesn't mean the
old, verified email is completely useless.

------
delfinom
More proof that anyone that trusts a cloud service for absolutely mission
critical infrastructure for a business like source control should reconsider.
And I'm not saying this to attack OP in any way.

But everyone should have a system to take backup of their org accounts on
GitHub and other services if thats what you use. You don't want the apocalypse
scenario that the service bans you and now you are all scrambling to find the
latest copies on your PCs.

~~~
hn_throwaway_99
This doesn't make any sense. OPs problem isn't that he doesn't have backups of
his repos (it is _git_ , after all), it's that he doesn't have access to the
_social_ features of github: PR permissions, their patron service, etc.

------
babuloseo
Woah, this is pretty high profile. Github has been having lots of issues
recently. Honestly guys, this started happening ever since they did those new
UI changes.

------
onetom
Many commenters were so focused on offerring some git repo hosting
alternatives, while it was clearly stated in the post that @yg's main use-case
was PR review.

What would you recommend to replace that feature?

[https://docs.gitea.io/en-us/](https://docs.gitea.io/en-us/) doesn't say much
about PRs/Issues unfortunately, but I found this GH-issue which suggest the
Gitea do have a review system since 2018 autumn, which seems to be on par with
Github's interface: [https://github.com/go-
gitea/gitea/pull/3748](https://github.com/go-gitea/gitea/pull/3748)

Can anyone confirm this, who used both Github and Gitea PR review features?

------
sidhanthp
The same thing happened to my Mom's Facebook account.

She's a realtor that used Facebook extensively to stay in contact with her
clients, as well as advertise for new business.

One day, the account disappeared for malicious activity.

PS: if anyone sees this and can help, shoot me a DM on Twitter :)

------
mytailorisrich
Outsourcing source control/repositories for software dev. is a suicidal idea
and it has always puzzled me that so many devs jumped onto the Github (and
friends) bandwagon.

~~~
sreevisakh
Where else do you host where you can easily attract potential contributors,
sponsors and recruiters? Self hosting is not a solution since everyone would
have to maintain separate accounts on all those instances. The discoverability
is also poor. Git's decentralization is a wasted opportunity if
discoverability and participation aren't equally decentralized.

On a related note, I like sourcehut's design. I am not completely familiar
with it, but I don't think you need an account at all to contribute.

------
grumpy-cowboy
My client use paid GitHub services for the new projects they work on. But we
(devs) really hate it because it slow us at lot (can't push/pull, Github
Actions not working, "crash" our CI/CD server, ...) because of instability of
Github servers! Their status page look like a Christmas Tree! Not a single
week without issues.

I don't have control on my client decisions (not my business), but personally
I'm done with GH.

------
mikikikik
used wayback machine to dig up the most starred projects with their short
descriptions. it seems the user has a couple slightly popular projects (10 to
200 stars) about gist and open source contribution tracking. so i think it's
most likely a hacked account, given the interest in (extremely) short account
names. the fact that they banned it without any message is disturbing. i hope
to see what happens to this in a longer time period.

------
agustif
Wow, that's an awful way of getting de-platformed

------
paride5745
I was still on the fence between staying on Github or moving to Gitlab.

All the bad experiences I'm reading in the comments helped me realize it's
time to move to Gitlab.

Too bad my company still doesn't want to migrate (too many integrations with
Github sadly), even considering all the downtimes in the past few months which
have impacted us significantly.

------
pragnesh
[https://dev.to/yg/how-i-got-two-letter-username-on-
github-i1...](https://dev.to/yg/how-i-got-two-letter-username-on-github-i12)
possible reason ?

------
JRodDynamite
I faced the same issue. Had to raise a ticket and GitHub basically reopened it
after some duration (can't remember how long). The deactivation was due to an
automated script apparently.

------
StevePlea
Had a similar thing happen to me. I once travelled to Cuba and checked GitHub
one. My account was suspended but with some complaining it was quickly
restored after they needed real proof of me.

------
jayp1418
Always host company backup local repo in case of emergencies also look at
[https://sr.ht/](https://sr.ht/)

------
LockAndLol
We really need ForgeFed and federated source hosting platforms

------
sheogorath
I'm sorry to break it to you. But that's basically want you agreed to by
accepting their terms of service:

"GitHub has the right to suspend or terminate your access to all or any part
of the Website at any time, with or without cause, with or without notice,
effective immediately. GitHub reserves the right to refuse service to anyone
for any reason at any time."

[https://docs.github.com/en/github/site-policy/github-
terms-o...](https://docs.github.com/en/github/site-policy/github-terms-of-
service#l-cancellation-and-termination)

People, please read and question terms of online services.

~~~
jtolds
> A common moral flaw I see in individualist cultures is thinking that "they
> gave consent" is a good reason to intentionally do something harmful to
> someone.

[https://twitter.com/technocrypto/status/1283038543577788417](https://twitter.com/technocrypto/status/1283038543577788417)

~~~
sheogorath
Well, I would like to point out that the right move here would be to call out
this clause in the terms of service. One could even try to take legal action
in some countries that have civil right measures against such clauses.

But no, instead one runs around and starts a petition.

~~~
TallGuyShort
Yeah, go ahead and call out that clause. I bet that will do more than the
petition.

------
rvz
> Save Open source developers!

You do not need GitHub for this.

Just self-host on a GitLab or Gitea instance to avoid this nonsense of
destroyed logins and account suspensions.

------
kuon
I think this is the little push I needed to move to my own gita instance.

Thank you for sharing, and I wish you the best resolution possible.

------
thinkingkong
Mistakes happen and hopefully this was just one of them. The alternative is
slightly too difficult to bear.

~~~
save_ferris
That’s not a valid excuse for people who rely on these services
professionally. The ability for companies to errantly and permanently ban
people without any kind of due process is unacceptable.

If we as a community truly care about OSS and the people behind it, this kind
of error cannot be tolerated. It flies in the face of everything that the open
source community stands for.

~~~
IncRnd
If someone maintains a project, wouldn't they have the code and be able to
push it to another service (or run their own)?

~~~
save_ferris
This is realistic only if they're the only ones contributing to it, because
otherwise they have to convince their other maintainers to use another
platform. What if the other maintainers just fork the Github repo and keep
going? Now the community has diverged purely because of corporate
incompetence. And in the case of this particular developer, he lost
sponsorship because he was locked out of his GitHub account.

The problem with Github is that everyone uses it, and services like Gitlab
still don't have the same level of activity in the open source community. Well
over 95% of source code links posted here on HN, for example, are Github
links.

~~~
IncRnd
> This is realistic only if they're the only ones contributing to it, because
> otherwise they have to convince their other maintainers to use another
> platform.

Thanks!

How do you know this was due to corporate incompetence?

------
patrickaljord
Hope you get your account back soon.

------
deadmik3
Wait you can get sponsors on github?

~~~
mdaniel
I can see why you couldn't find it: their new help search is __incredibly bad
__

[https://docs.github.com/en/github/supporting-the-open-
source...](https://docs.github.com/en/github/supporting-the-open-source-
community-with-github-sponsors/receiving-sponsorships-through-github-sponsors)

------
FelipeAraujo88
My gosh, that's watch happened. and I was thinking about some fail in server.

------
marvindanig
While this issue might appear small, even a "mistake", and would probably be
resolved to OP's satisfaction (wishing them all the best!), it truly is time
for entrepreneurs to flock together and start building alternatives to Github.

~~~
ianwalter
I love GitHub. It's probably my favorite platform in general but I have to
agree. I would love to see a new platform that is a non-profit or public
benefit corp, perhaps with a government charter or something. Software is too
important not to have this sort of public infrastructure to support it.
Private companies can still innovate to create better tools but public
investment in software infrastructure/tools is an amazing opportunity to
leverage a relatively small amount of pooled resources into a much larger
benefit to society.

~~~
slathrop
There have been attempts at decentralization of git storage and collaboration.
See for example:

[https://cointelegraph.com/news/interview_yurii_rashkovskii_t...](https://cointelegraph.com/news/interview_yurii_rashkovskii_the_creator_of_gitchain_the_unholy_offspring_of_github_and_bitcoin)

I would love to see something like this succeed for all manner of
infrastructure... from domains and DNS, to email, to version control.

------
rurban
Could have been one if those Indian judges, who flagged it. They are on quite
a ride recently.

------
wayneftw
Your change.org petition says 08/07/2020 which hasn't happened yet. Not in the
USA at least :)

You should probably change that to 07/08/2020 if you're targeting American
audiences.

~~~
goneri
or just 2020/07/08, and avoid any confusion.

~~~
cywick
Or just use 2020-07-08 to avoid any confusion AND be ISO 8601 compliant.

~~~
wayneftw
Or just never bring this up again so you don't receive downvotes from people
for simply pointing out a piece of information. Wow!

