You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click OAuth Applications.
- Review the tokens that have access to your account. For those that you don't recognize or that are out-of-date, click Revoke. To revoke all tokens, click Revoke all.
