Lmao, I got hit by this today. Not someone exploiting me, but having to deal with like 3 hours of a bunch of stored tokens freaking out and VSCode panicking at me until I cleared all my caches and cycled my GH login.