I’ve immediately changed my password and received and email to “Reset my password” and I’ve followed the link and changed it.
Then I got an email yet again about a password change but this time it was me.
A few strange things:
- No email requesting my first password reset
- No unrecognised logins in the GitLab authorization log
Any idea how can I understand who had changed my password and whether my projects have been exposed?