GitHub payment method removed
Description
AlphaSOC detected that a payment method was removed from a GitHub account. This action involves removing stored credit card or billing information from the account settings. While this could be legitimate user activity, unauthorized removal of payment methods may indicate account compromise.
Impact
Unauthorized removal of payment methods could lead to service interruptions when subscriptions fail to renew, loss of access to paid features, and potential disruption to development workflows. This may affect GitHub Actions, private repositories, and advanced security features that require active billing.
Severity
| Severity | Condition |
|---|---|
Informational | GitHub payment method removed |
Investigation and Remediation
Review GitHub audit logs to verify if the payment method removal was authorized. Check the user's recent activity and compare against their typical behavior. Examine login history, including IP addresses, locations, and authentication methods. If unauthorized access is suspected, immediately reset the account password, enable two-factor authentication, review and revoke suspicious personal access tokens or OAuth applications, and re-add valid payment methods to maintain service continuity.