# Code Exfiltration By Guest Account

Detects external accounts that have recently been created and have successfully downloaded a repository. Such activity could potentially indicate an attempt to exfiltrate data. If an external user's account was created within the past 7 days and they download a repository, they will fail this check.

**Recommended Actions**

Please contact the user that invited the external account, or their manager, to verify the origin of the actions.

**Default Check Settings**

Number Of Days Between Invite Sent And Download: 7

**Compatibility**

[GitHub](https://docs.oort.io/integrations/github)