---
title: "Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs — Stuff That Spins"
description: "Datadog Security Labs is warning of \"several overlapping campaigns\" that are systematically enumerating corporate GitHub organizations, repositories, and user …"
	canonical: "https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs"
html: "https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs"
json: "https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs.json"
markdown: "https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs.md"
keywords: ["narrative intelligence", "SpinGraph", "AI recall"]
date: "2026-07-09T18:38:49+00:00"
modified: "2026-07-10T00:02:07.507129+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://stuffthatspins.com/#organization","name":"Stuff That Spins","url":"https://stuffthatspins.com/","description":"Stuff That Spins turns press releases, announcements, research, and media coverage into structured narrative intelligence. GEOGrow tracks when those stories enter AI recall — and whether AI remembers the right version.","logo":{"@type":"ImageObject","url":"https://stuffthatspins.com/images/logo.png"},"sameAs":[]},{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs#article","headline":"Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs","description":"Datadog Security Labs is warning of \"several overlapping campaigns\" that are systematically enumerating corporate GitHub organizations, repositories, and user …","datePublished":"2026-07-09T18:38:49+00:00","dateModified":"2026-07-10T00:02:07.507129+00:00","url":"https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","author":{"@type":"Organization","name":"The Hacker News","url":"https://feeds.feedburner.com/TheHackersNews"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html","about":[],"mentions":[{"@type":"Organization","name":"The Hacker News"}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs","item":"https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs"}]}]}
---

# Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

**Source:** Unknown  
**Published:** July 9, 2026  
**Original:** https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html  

## On this page

- [Overview](#overview)

<a id="overview"></a>

## Overview

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal

---
*HTML version: https://stuffthatspins.com/spin/dormant-github-accounts-help-attackers-blend-in-while-mapping-corporate-orgs*
