Home > Security > Security News

BreachForums Vendor Puts GitHub Usernames and Emails on Sale on the Dark Web

Published on March 28, 2025
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor

A dark web user, Clear Voice, posted about a sale allegedly of GitHub developers' data. On 26 March the user stated that they were looking for buyers for GitHub.com usernames.

The data with a total of 4591 lines in two files includes the following:

Screenshot of the dark web post by Clear Vision Selling GitHub data
Screenshot of the dark web post by Clear Vision Selling GitHub data | Source: Daily Web Intelligence

The legitimacy of the data purportedly from GitHub could not be verified at the time of posting. However, it could be the result of vulnerability exploitation in the past.

It is not unusual for cybercriminals and dark web vendors to exchange and further exploit stolen credentials on breach forums for financial fraud and phishing scams.

The compromise of GitHub Action was recently in the news for exposing critical CI/CD secrets across multiple repositories. 

Continuous Integration/Continuous Deployment (CI/CD) access may expose sensitive data like passwords, API keys, npm tokens, etc. required during the building, testing, and other phases of software development.

It was a supply chain attack that originated from an earlier breach of the ‘reviewdog/action-setup@v1’ GitHub Action via the exploitation of a vulnerability. It was further reported that the primary target of the GitHub breaches was Coinbase, the U.S.-based cryptocurrency exchange. 

The attack was launched by injecting malicious code into reviewdog/action-setup@v1 GitHub Action.

GitHub was also impacted in a credentials leak incident in January this year with Cyble reporting the same naming large enterprise security vendors. The incident exposed critical internal systems such as GitHub, Jira, and AWS. 

Customer credentials targeting WordPress, Microsoft, and Okta were also exposed in the breach.

Add a Comment
Related
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
ClickFix Scams Impersonating MS Defender and Cloudflare Bot Checks Target U.S. Users
IronHusky APT Revives MysterySnail RAT to Target Government Organizations in Russia and Mongolia
Critical Zero-Day Vulnerability in Bubble.io Exposes User Data Across Major Enterprises to Risk
China State Sponsered Spies
Chinese Threat Actor Activity Targets Edge Routers, Canadian Cybersecurity Center Warns
Most Popular
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Margaret Qualley in FosseVerdon, Chris Evans in Ghosted, and Aubrey Plaza in Megalopolis
Honey Don’t! (2025): All About the Margaret Qualley and Chris Evans Starrer film 
Star Wars Starfighter
Star Wars: Starfighter- Know Everything About Ryan Gosling and Shawn Levy’s film 
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
Still from Ransom Canyon
Ransom Canyon: Where is Season 1 Filmed & Where will Season 2 be shot?
Him Movie
HIM (2025): Everything we know About Jordan Peele’s Spine-Chilling Sports Horror film
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Honey Don’t! (2025): All About the Margaret Qualley and Chris Evans Starrer film 
Star Wars: Starfighter- Know Everything About Ryan Gosling and Shawn Levy’s film 
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
Ransom Canyon: Where is Season 1 Filmed & Where will Season 2 be shot?
HIM (2025): Everything we know About Jordan Peele’s Spine-Chilling Sports Horror film

Most Popular
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Margaret Qualley in FosseVerdon, Chris Evans in Ghosted, and Aubrey Plaza in Megalopolis
Honey Don’t! (2025): All About the Margaret Qualley and Chris Evans Starrer film 
Star Wars Starfighter
Star Wars: Starfighter- Know Everything About Ryan Gosling and Shawn Levy’s film 
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
Still from Ransom Canyon
Ransom Canyon: Where is Season 1 Filmed & Where will Season 2 be shot?
Him Movie
HIM (2025): Everything we know About Jordan Peele’s Spine-Chilling Sports Horror film
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Honey Don’t! (2025): All About the Margaret Qualley and Chris Evans Starrer film 
Star Wars: Starfighter- Know Everything About Ryan Gosling and Shawn Levy’s film 
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
Ransom Canyon: Where is Season 1 Filmed & Where will Season 2 be shot?
HIM (2025): Everything we know About Jordan Peele’s Spine-Chilling Sports Horror film

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: