You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the left sidebar, click OAuth Applications. OAuth Applications tab
  3. Review the tokens that have access to your account. For those that you don't recognize or that are out-of-date, click Revoke. To revoke all tokens, click Revoke all. Applications list

Further reading