Feb 27, 2026 19:00:00

Startups scraping GitHub activity and sending spam emails to users are being discovered one after another, sparking controversy

A topic was shared on the social site Hacker News about 'spamming emails sent to your email address obtained via GitHub.' It seems that similar cases have been seen many times over the past few years.

Tell HN: YC companies scrape GitHub activity, send spam emails to users | Hacker News

https://news.ycombinator.com/item?id=47163885

The post that went viral was about someone who received an email from a company funded by Y Combinator, the venture capital firm that runs Hacker News, saying, 'We found your GitHub and thought you might like what we're building.'

The poster pointed out that 'it seems like he's sending indiscriminate emails to users who have contributed to his repository.'

In response to this post, a person calling themselves Martin from GitHub

replied , 'Git commit data always contains your name and email address, so scraping data from open source repositories is incredibly easy, even if it's unethical. This type of activity is a clear violation of GitHub's Terms of Service, and if we discover accounts engaging in this type of activity, we can and do take action, including banning the account. It's like a game of whack-a-mole, and to be honest, it's not just startups that are engaging in this kind of shady activity. I've personally seen many cases in various sectors.'

Martin urged people to take action by making their email addresses

private .

In fact, similar incidents have occurred many times, with many posts on the same thread saying, 'It happened to me too.'

It has also been discovered that similar spam emails have been sent as early as 2015 .

Similar incidents have been reported in 2019 and 2022. These appear to have been carried out for advertising and recruitment purposes.