Datadog Security Labs is warning of « several overlapping campaigns » that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.
« Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal
