We are using classroom computers.
Based on some unknown browser configuration, students are accidentally creating repositories in our classrooms for users not in our organization if those users were logged into the computer previously.
I think it has to do with separate Cookies for classroom and github sessions. We will try to work around this by clearing browser cookies on login.
I consider this a security vulnerability. We are creating repos that belong to users who shouldn't have access to these private repos. In our case we are using the tool to administer coding tests.