GitHub forced password reset after using Happy Coder - anyone else experienced this? #357
Description
Context
Shortly after installing and using Happy Coder for the first time, GitHub forced a password reset on my account, citing a "suspicious login" detection. Their email mentioned infostealer malware as a possible cause in similar cases.
What happened
- Installed Happy Coder and authorized the OAuth app on GitHub
- A few hours later, GitHub reset my password and revoked all OAuth tokens (Slack, Bitrise, Snyk, Notion, etc.)
- Received an email from GitHub stating they detected suspicious activity
Investigation
- My GitHub security audit log shows no unauthorized access or suspicious IPs
- All logged activity is from my known locations (France)
- The only new OAuth authorization in the timeframe is Happy Coder
- Full malware scans came back clean
Questions
- Has anyone else experienced a GitHub password reset or security alert after installing Happy Coder?
- How does Happy Coder authenticate with GitHub - does it store or proxy credentials in any way that could trigger GitHub's security systems?
- Is there any server-side component that might cause GitHub to flag the connection as suspicious?
I'm not implying Happy Coder is at fault - this could be coincidental timing. Just trying to understand if there's a pattern or if this is an isolated incident.