How a Tiny PR Turned GitHub Into an Email Spam Engine for 400K Developers
A novice developer's minor pull request to Epic Games' GitHub repository unintentionally triggered reply‑all notifications, flooding roughly 400,000 Unreal Engine users with email alerts and exposing a weakness in GitHub's mass‑mention system.
A novice programmer submitted a low‑impact pull request to Epic Games' GitHub repository, merely fixing wording in the README and adjusting a logo size.
To speed up the merge, the author @‑mentioned @EpicGames/developers in a comment. The mention acted like a reply‑all: it sent an email notification to every member of the Epic Games organization, 398,463 users at the time, or roughly 400,000 developers.
Because the organization’s members receive automatic email alerts for any PR activity, all those developers were bombarded with messages. The sudden volume also delayed GitHub’s email service, causing some users to receive notifications long after the PR was closed.
Affected developers could only manually unsubscribe from the PR, and Epic Games quickly locked the pull request. The author later apologized on Twitter, claiming ignorance of the massive impact of a simple @‑mention.
The incident sparked jokes about adding the experience to a résumé and criticism of GitHub’s permissive notification mechanism, which allows a single @‑mention to reach hundreds of thousands of users.
Related links:
https://github.com/EpicGames/Signup/pull/24
https://github.com/EpicGames/Signup/pull/24/commits/4e531d5c5e60ea600cfb51492367ec11d888f422
https://twitter.com/Rohithaditya/status/1533305205697130497
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
