Abuse: fraudulent attribution of commits

michael_ernst
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 11, 2025

At [REDACTED] there are commits that are attributed to me, Michael Ernst.  I did not create those commits, even though they are attributed to me.  I don't know anything about them.  There have been malware commits attributed to me on GitHub in the same timeframe.  Could you please remove those commits and/or remove the repository and/or remove the user who created the repository?

Thank you for your help.

Michael Ernst

1 answer

1 accepted

1 vote
Answer accepted
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 12, 2025

Hi @michael_ernst 

I can see that this is a public repository - and the commits appear to be made from your university email address (when viewing the raw commit).

You were never a member of this workspace according to its audit log, so there's a chance that a user has made use of a leaked AppPassword/SSH key or similar belonging to your account to authenticate as your username, or your email has been used in local git config.

As a first step, I'd suggest securing your account with 2FA and revoking any AppPasswords/SSH Keys from Personal Settings > App Passwords and Personal Settings > SSH Keys respectively.

Unfortunately, since those commits were made more than 30 days ago, we don't have audit logging available that would reveal their method of creation (our max retention period is 30 days).

I've reached out to our security team for further comment regarding the potential disabling of content.

Cheers!

- Ben (Bitbucket Cloud Support)

 

Ben
Atlassian Team
March 12, 2025

Hi @michael_ernst 

After further discussion with our security team, a more likely scenario is that someone has your email configured as their local username.

This is a problem with DVCS platforms such as Git - if their git config contains your email address, Git will record this as the commit author and Bitbucket will map the email to an existing user account (which is why you're seeing your user account in the commit history). Based on your query - it looks like GitHub has the same behaviour.

We have an article that explains this in more detail below - and a feature request to improve upon this behaviour:

Unfortunately, we can't delete/disable the content you've linked as it has been reviewed and does not contain malicious code.

Please let me know if I can provide further clarification.

Cheers!

- Ben (Bitbucket Cloud Support)
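
Added example, not part of the thread and not Bitbucket's code: a small parser for the raw commit text mentioned above, showing that the author line is free text taken from the committer's git config, and flagging commits that carry a given email but no signature header. The commit objects, hashes and addresses are constructed, and `parse_commit`, `attribution` and the verdict strings are hypothetical names.

```python
import re

# Constructed raw commit objects, in the layout `git cat-file -p <commit>` prints.
# Hashes, names and addresses are placeholders made up for this example.
UNSIGNED = """\
tree 0000000000000000000000000000000000000000
parent 1111111111111111111111111111111111111111
author Alice Example <alice@example.edu> 1739000000 +0000
committer Someone Else <other@example.net> 1739000000 +0000

Update build script
"""

SIGNED = """\
tree 0000000000000000000000000000000000000000
author Alice Example <alice@example.edu> 1739000100 +0000
committer Alice Example <alice@example.edu> 1739000100 +0000
gpgsig -----BEGIN PGP SIGNATURE-----
 (constructed placeholder, not a real signature)
 -----END PGP SIGNATURE-----

Fix typo
"""

# Identity line: free-text name, <email>, Unix timestamp, timezone offset.
IDENT = re.compile(r"^.* <([^<>]*)> \d+ [+-]\d{4}$")

def parse_commit(raw):
    """Split a raw commit into (headers, message); headers map key -> list of values."""
    head, _, message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:      # continuation of a multi-line header
            headers[key][-1] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers.setdefault(key, []).append(value)
    return headers, message

def attribution(raw, my_email):
    """Classify how strongly a commit's author line ties it to my_email."""
    headers, _ = parse_commit(raw)
    m = IDENT.match(headers["author"][0])
    if not m or m.group(1).lower() != my_email.lower():
        return "not-mine"
    # Nothing in the object authenticates the author line unless it is signed.
    if "gpgsig" not in headers:
        return "claimed-unsigned"
    return "claimed-signed-verify-key"
```

A signature header only shows that some key signed the commit; on a real clone, `git verify-commit <commit>` checks it against keys you trust.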

 

 

michael_ernst
I'm New Here
March 13, 2025

A more likely scenario is that someone has your email configured as their local username.

This was my suspicion.

Thank you for your response.  I appreciate it, though I'm disappointed that the content will remain.
