GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  blockzilla (@BlockzillaTech) reported 2 seconds ago

  attack vector was simple: employee installed a malicious extension. once inside, they pulled internal source and org files. Github says customer repos weren’t touched (but how many have been done on the same exploit), but that’s not the real issue. the real issue is whatever secrets, keys, and tokens were sitting in those internal repos, im sure its rough day in the trenches rotating everything...

• 
  Tamim (@tamimbuilds) reported 3 seconds ago

  @yadavji_codes GitHub copilot be like I will fix it

• 
  🦅 (@EagleEyesCrypto) reported 2 minutes ago

  if you believe agents will install and run code on their own, you need a package layer that isn’t built for human devs. @Nipmod is exactly that. npm for agents, sitting on top of gitlawb (the github for agents). verified packages, DID-signed ownership, MCP server live. real product, not a deck. 28 verified packages, 388 claimable drafts, working CLI + MCP server for codex / claude code / opencode. gitlawb = github for agents nipmod = npm for agents

• 
  Luis Parra (@LuisParra1019) reported 3 minutes ago

  @reach_vb I’ve been doing: “/goal achieve X and open a PR until Codex Review in GitHub does not find major issues”

• 
  Yash Patel (@yash_patel2003) reported 9 minutes ago

  @sandislonjsak Why ? What's the issue with Github?

• 
  tcpdump (@dump_tcp) reported 9 minutes ago

  @IntCyberDigest should we take the forum down where there advertising it at? #github #teampcp #hacked

• 
  intermind (@perasperagi) reported 10 minutes ago

  the feeling of customization (managing agents, mcp servers) and transparency is also better in github copilot, though perhaps still a little slow on the thinking side but that could be a base plan/model feature

• 
  Patrik (@PatrikTheDev) reported 11 minutes ago

  @theo That would maybe force them to acknowledge the existence of a problem…wait ofc it wouldn’t, they’re GitHub

• 
  21st Century Digital Boy (@TonhaoSemAcento) reported 13 minutes ago

  I bet that hackers did this to fix github downtime

• 
  m-ret (@mretsal) reported 13 minutes ago

  How are we safe when our package manager is compromised and github is down most of the time and HACKED?

• 
  Crash Loop BackOff (@MLOpsCamp) reported 16 minutes ago

  Github continues to flail. At least they're copping to it, though it's not clear what steps they are taking at a more systemic level, given the plague of recent issues.

• 
  ꂦꋪꀤꌗꂦꈤ (@orisonhere) reported 17 minutes ago

  @github imagine they tried to actually fix your platform

• 
  VaultKeepR - Decentralized Password Manager (@vaultkeepr_xyz) reported 17 minutes ago

  16 billion passwords. Two for every human on Earth, scraped from infostealer malware and dumped across thirty databases. Apple, Google, Facebook, GitHub, Telegram — every platform you use has credentials in that dataset. The real story: every tool you were told to trust has already failed you. The cybersecurity industry sold us a simple deal: hand your secrets to a centralized password manager, trust its zero-knowledge encryption, and sleep soundly. LastPass was the poster child. Its vaults were encrypted, the company said — even if breached, your data was safe. Then the FBI and Secret Service confirmed the 2022 LastPass breach directly enabled over $150 million in crypto heists, including the theft from Ripple co-founder Chris Larsen. The attacker captured a master password via a keylogger from a cracked streaming app, bypassed MFA by stealing a trusted device cookie, and downloaded encrypted vaults. Those vaults were cracked offline — especially customers who stored crypto seed phrases in "Secure Notes." In December 2025, the UK's ICO fined LastPass £1.2 million. "LastPass customers had a right to expect the personal information they entrusted to the company would be kept safe and secure." They were wrong. The 16 billion leak amplifies this lesson. Over 85% came from infostealers like RedLine and Vidar, which target browser autofill and password manager databases. The threat is real, happening at scale every day. And the password managers we rely on are not defending us — they're becoming honeypots. Centralized servers, company-controlled encryption keys, employee laptops with VPN access — every link in that chain is a point of trust, and trust is exactly what attackers exploit. Zero-knowledge is no longer enough. It promises the company can't read your data, but doesn't protect you from security failures, insider threats, supply chain attacks, or the fact that your master password is a single point of failure malware can capture. The only way to truly protect credentials is to eliminate trust entirely — to build a system where you don't have to trust a company's servers, employees, or encryption claims because none of it exists. That's the philosophy behind VaultKeepR. No central server, account signup, email, phone number, or master password to steal. Authentication happens on your device via biometrics (fingerprint, face) or your own crypto wallet. Everything is encrypted on-device with Argon2id and XChaCha20-Poly1305 before it touches storage. Backups are distributed across IPFS, where no single node can read your vault. A Shamir 3-of-5 fragmented recovery key means even you don't hold the full key in one place. No employee laptop can be compromised to reach your data because there is no data on our servers. The 16 billion leak and LastPass catastrophe aren't isolated — they're symptoms of a broken architecture that demands trust. Trust in employees, in encryption, in no keylogger on your machine when you type your master password. Too many moving parts in a world where infostealers stole 2.1 billion credentials in 2024 alone. The internet witnessed the largest password leak in history. The FBI confirmed a "zero-knowledge" password manager enabled hundreds of millions in theft. A regulator fined them for negligence. If that doesn't convince you the old model is broken, ask yourself: who are you trusting with your digital life? The answer should be no one.

• 
  TheOpeningMove (@TheOpeningMove1) reported 18 minutes ago

  not the scary part: the repo count. the scary part is the path in. a code editor extension hit an employee machine, then GitHub had to rotate critical secrets. that is not a hosting problem. that is a developer endpoint problem.

• 
  Fabio (@Zero2HeroZombie) reported 19 minutes ago

  GitHub was compromised via a poisoned VS Code extension on an employee device. Internal repositories were exfiltrated: attacker’s claim of ~3,800 repos is consistent with their investigation so far. Cybersecurity is a huge issue. This is why I am tracking $ICP on a daily basis. It offers a higher standard of security.