GitHub · GitHub Terms of Service

User Responsibility for Account Security

Medium severity · High confidence · Explicit document language · Rare · 2 of 343 platforms
Recent governance activity: GitHub recorded 2 documented changes in the last 30 days.

What it is

You are fully responsible for keeping your GitHub account secure and for everything that happens under your account, even if someone else posts content using your credentials.

This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The account responsibility clause assigns liability for all account activity to the account holder, including unauthorized access by third parties, which means users may be held responsible for policy violations or content posted by others who gained access to their account.

Recent Activity

This document changed recently

Medium Apr 28, 2026

GitHub's updated Terms of Service now include an explicit section governing AI features, including Copilot. The new section establishes specific contractual terms for how user data may be collected, used, and retained for developing and improving AI and machine learning models, and identifies what controls are available to users. The practical effect is that AI-related data practices are now consolidated under dedicated contractual language rather than dispersed across general service terms.

Medium Apr 19, 2026

GitHub's Terms of Service update on April 19, 2026 involved substantial revisions across 54 sentences, with 40 sentences removed and 4 added. The extent of change suggests modifications to core service provisions; however, without access to the specific language that was modified, removed, or added, the precise operational implications for users cannot be determined. Users should review the updated Terms directly to understand how the changes affect their usage rights, account obligations, or dispute resolution procedures.


Clause Stability: Stable
Changes: 0
Months Monitored: 3
First Seen: Apr 3, 2026
Last Seen: May 22, 2026
This clause type exists across 302 other provisions on other platforms.

Consumer impact (what this means for users)

All activity under your GitHub account is your responsibility under these terms, even if your account is accessed without your permission by a third party. Enabling two-factor authentication and monitoring account activity are the primary ways to reduce exposure under this provision.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Navigate to GitHub Settings, then Security, and enable two-factor authentication to reduce the risk of unauthorized account access. Review authorized applications and active sessions regularly.

How other platforms handle this

FanDuel Medium

You may establish, maintain, use and control only one account on the Service. Each account on the Service may only be owned, maintained, used and controlled by one individual. For avoidance of doubt, users may not 'co-own' accounts on the Service. In the event FanDuel determines that you have opened...

Twilio Medium

Twilio may terminate or suspend your access to or use of the Services at any time, with or without cause, effective upon notice. Twilio may immediately suspend your account upon the occurrence of any of the following: (a) you fail to make a timely payment, or (b) we reasonably believe suspension is ...

Wise Medium

We may suspend or terminate your access to the Services at any time and for any reason, including but not limited to: (i) violation of this Agreement; (ii) our inability to verify your identity or the source of your funds; (iii) a request from law enforcement or government authorities; (iv) unexpect...

Original Clause Language

"You are responsible for maintaining the security of your account and password. GitHub cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. You are responsible for all content posted and activity that occurs under your account (even when content is posted by others who have access to your account). You may not use another User's account without permission."

— Excerpt from GitHub's GitHub Terms of Service

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: The account holder responsibility clause may interact with data protection obligations under GDPR where a compromised account is used to process or expose personal data. The FTC Act may be relevant if GitHub's security practices contribute to account compromises that result in consumer harm. Organizational accounts may have separate employment law considerations regarding employer-employee responsibility for account activity.

GOVERNANCE EXPOSURE: Low to Medium. Placing full account activity responsibility on the account holder regardless of unauthorized access is a standard platform provision. For enterprise accounts with multiple contributors, the clause creates an operational risk where any contributor's actions are attributed to the account holder.

JURISDICTION FLAGS: GDPR's data breach notification requirements may be triggered if an account compromise results in unauthorized access to personal data in repositories, regardless of who is assigned contractual responsibility for the account. California's data breach notification law (Civil Code Section 1798.82) may also apply in such circumstances.

CONTRACT AND VENDOR IMPLICATIONS: Enterprise teams using GitHub organization accounts should implement internal access controls and credential management policies to limit exposure under this clause. The provision does not specify a mechanism for disputing account activity that resulted from unauthorized access, which is a due diligence item for enterprise security teams.

COMPLIANCE CONSIDERATIONS: Organizations should ensure that GitHub accounts used in professional contexts have two-factor authentication enabled and that access provisioning and de-provisioning procedures are in place. Data protection teams should assess whether a GitHub account compromise would trigger breach notification obligations under GDPR or applicable state law.


Applicable agencies

  • FTC
    The FTC has jurisdiction over data security practices and consumer harm resulting from inadequate account security measures

Applicable regulations

  • DMCA (United States Federal)
  • DSA (European Union)
  • FTC Act Section 5 (United States Federal)

Provision details

Document information
Document: GitHub Terms of Service
Entity: GitHub
Document last updated: May 5, 2026

Tracking information
First tracked: May 10, 2026
Last verified: May 12, 2026
Record ID: CA-P-001339
Document ID: CA-D-00253

Evidence Provenance
Content hash (SHA-256): 610460507af6f60333f6195921a4e0d9629d1fea528d1220cda7340159b5b46b
Analysis generated: May 10, 2026 17:12 UTC
✓ Snapshot stored   ✓ Hash verified

Citation Record
Entity: GitHub
Document: GitHub Terms of Service
Record ID: CA-P-001339
Captured: 2026-05-10 17:12:21 UTC
SHA-256: 610460507af6f603…
URL: https://conductatlas.com/platform/github/github-terms-of-service/user-responsibility-for-account-security/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification
Severity: Medium
Categories


Frequently Asked Questions

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 2 platforms.

Is ConductAtlas affiliated with GitHub?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.