Isn't this overblown a little bit? If it's part of the metadata and it's pushed to a public space, how is it a 'large-scale-exploit'? I might be ignorant of a few things here so would love to be corrected on this.
I think many developers don't realize how accessible it is -- typically the email is set in some .git profile that you set up once, maybe not even in connection to github. It's not obvious that when you're using Github, your email from that file is being made public.
Also this is somewhat worse than your typical email leak because the email address can be tied to all the github activity, which in many cases includes a lot of professional activity. Targeted phishing (aka spearfishing) has a lot more to go off of.
Please someone tell me this is more than just email address harvesting?
seems like this should be flagged for being clickbait/trying to induce fear
This is not noteworthy.