GitLab.com email re-confirmation (June 2020)
As a precautionary measure, some users on GitLab.com will be required to re-confirm
their primary certain email addresses. This issue is intended to serve as a feedback issue and to help address any follow-on questions.
Q: Why am I having to re-verify my email address?
There was a vulnerability that allowed someone to use an email address they may not have owned. This was fixed in a GitLab Security Release 13.0.1, 12.10.7, 12.9.8: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/. Your re-verifying your email address confirms ownership.
Q: Has my account been breached?
No. Due to the vulnerability mentioned above there may be users with verified (secondary) email addresses they don't own. To mitigate this, we require all users with secondary (more than one) email addresses to verify their account.
Q: Why am I receiving multiple emails?
We apologize for any confusion this process may have caused. We used our standard application upgrade capabilities to schedule the verification process including the sending of the "GitLab.com email verification request" email for each potentially affected email address (which is why users received multiple emails). Due to the large volume of emails, slight delays in the delivery process may have occurred.
Q: Has my account been deleted or otherwise affected?
No. This process will simply verify you own the email address being used for your GitLab account.
Q: What happens if I don't re-verify my email address?
You will not be able to log into your account until you have re-verified your email address. You can do that here: https://gitlab.com/users/confirmation/new
Q: I don't know who GitLab is and I never created an account. What's happening?
Your email address may have been used by an individual to create a GitLab account during a limited window of time. If you did not create a GitLab account, please let us know immediately and we will delete the account.