Users with 2FA enabled may see false-alert flags in their security log for
recovery_code_regenerated events between July 15 and August 11, 2022.
These events were improperly emitted during an upgrade to the 2FA platform. The storage format of the per-user value GitHub uses to generate your recovery codes was updated, causing the watch job to trigger the erroneous
No action is required from impacted users with regards to these events. GitHub has a policy to not delete security log events, even ones generated in error. For this reason, we are adding flags to signal that these events are false-alerts. No recovery codes were regenerated, and your existing saved recovery codes are still valid.
- You can view and regenerate your recovery codes in your user settings. See Downloading your two-factor authentication recovery codes for more details.
- See the security log to learn more about GitHub's audit logging.