[pytest-dev] github compromised account on organisation

Bruno Oliveira nicoddemus at gmail.com
Thu Dec 8 09:23:27 EST 2022

Thanks Floris.

Yes, please go ahead and contact the user.

I've posted a thread about this for the Core team in the pytest-dev
Discussions, just for reference:



On Thu, Dec 8, 2022 at 10:18 AM Floris Bruynooghe <flub at devork.be> wrote:

> Hi folks,
> Github recently sent an email warning of a member of the pytest-dev org
> (I'm purposefully not adding identifiable information here) likely
> having a compromised API token that may have been abused.  The member in
> question only has read access to all but one plugin repository so the
> impact is limited.
> Nevertheless we should probably contact them to ask for them to make
> sure they revoke all API tokens, replace them with more limited-scopes
> ones if possible and audit the plugin.  If they can't do this or don't
> respond I guess we should (temporarily) restrict their access to the
> plugin as well.
> I'm happy to contact them, but also didn't do so yet just in case
> multiple folks jump on this.  Probably one is enough.
> Cheers,
> Floris
> _______________________________________________
> pytest-dev mailing list
> pytest-dev at python.org
> https://mail.python.org/mailman/listinfo/pytest-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/pytest-dev/attachments/20221208/cd86ae24/attachment.html>

More information about the pytest-dev mailing list