@vyshakh discovered that some repositories imported through GitHub’s UI were set to public visibility by default for a brief period, regardless of the user’s intended privacy choice before starting the import. Upon learning about this issue, we immediately fixed the bug and took the following action: we changed the repository visibility to private for any repositories imported from authenticated sources, deleted any public forks that may have been created from the imported repositories, and notified all affected users. Additionally, we’re investigating ways to prevent regressions of this type from occurring again by creating more secure defaults, and increasing test coverage of views.