False-alert flags will appear in users security log due to a bug in 2FA recovery events

Users with 2FA enabled may see false-alert flags in their security log for recovery_code_regenerated events between July 15 and August 11, 2022.
These events were improperly emitted during an upgrade to the 2FA platform. The storage format of the per-user value GitHub uses to generate your recovery codes was updated, causing the watch job to trigger the erroneous recovery_code_regenerated event.

No action is required from impacted users with regards to these events. GitHub has a policy to not delete security log events, even ones generated in error. For this reason, we are adding flags to signal that these events are false-alerts. No recovery codes were regenerated, and your existing saved recovery codes are still valid.

You can view and regenerate your recovery codes in your user settings. See Downloading your two-factor authentication recovery codes for more details.
See the security log to learn more about GitHub's audit logging.

JUN.15Improvement
Copilot usage metrics now include more of your active users
- Account Management
JUN.10Improvement
Enterprises can now create up to 500 cost centers
- Account Management
JUN.4Release
Budget and usage management APIs now generally available
- Account Management
MAY.29Improvement
Copilot usage metrics API adds cohorts for AI adoption
- Account Management
MAY.20Improvement
Copilot usage metrics reports now use GitHub-owned download URLs
- Account Management
MAY.14Release
Team-level Copilot usage metrics now available via API
- Account Management
MAY.8Release
Copilot code review comment types now in usage metrics API
- Account Management
APR.23Release
Copilot cloud agent fields added to usage metrics
- Account Management
APR.22Improvement
Upcoming change to Copilot usage metrics report download URLs
- Account Management

False-alert flags will appear in users security log due to a bug in 2FA recovery events

Related Posts

Subscribe to our developer newsletter