If you have no RP using GitHub authentication, you are not affected and can disregard this message.
A new GitHub scope has been added which allows us to verify if an account has been authenticated with GitHub using MFA.
We will start prompting for this scope.
What does this mean?
Users that authenticate using GitHub accounts will receive a new OAuth authorization request the next time they login, asking for the “read-only access to your profile”.
This is a one-time prompt.
New user will get the usual authorization prompt that will include this request.
If curious, you can also test this here: https://testrp.security.allizom.org/
Tracking, comments, issues: https://github.com/mozilla/iam-project-backlog/issues/141