These are the common pitfalls for identity providers and their users. Usually you would have to check which claims the services requests from your account. I don't know the implementation of GitHub, but it should be their responsibility to display the needed permissions the service requests from your account. But these descriptions often aren't really transparent, you would need to know which GitHub API needs which permissions.
Yes, it is convenient, but third party login comes at a price and in my opinion that price is quite high. A bit funny (sorry) that it compromised their own product with false data. Since it is essentially their fault, you should get your account back and the service abusing your login should be removed from their identity provider. Probably already happend, but I fail to see how users should be indicted here.
Yes, it is convenient, but third party login comes at a price and in my opinion that price is quite high. A bit funny (sorry) that it compromised their own product with false data. Since it is essentially their fault, you should get your account back and the service abusing your login should be removed from their identity provider. Probably already happend, but I fail to see how users should be indicted here.