They announced this exclusively on X.com, which ranks barely above Pinterest in terms of usage. That's below Reddit, Snapchat, WeChat, and Instagram, and requires a user account to view profiles and posts. And that's ignoring all the reasons X is a divisive platform with an extreme political bent.
GitHub chose not to announce this on any other social media either (BlueSky, Facebook, TikTok, YouTube, LinkedIn, or Mastodon, as of this posting, and with no emails sent on the matter.)
I think that's panic mode from some decision maker (i.e. head of marketing or head of security).
Nobody's going to post on BlueSky or Reddit because they don't matter. You know this, I know this, they know this, let's just all be real here.
The cognitive dissonance is insane here. Indeed, saying things doesn't make them true. Even for you. Facts don't care about your feelings.
Besides, even if that wasn't a consideration, only posting the announcement to X is just crazy. As others have said, you'd expect for GitHub to make the announcement on their official website. Any paying client would then just follow that for their announcements.
Beyond that, Twitter is the de facto default dissemination vehicle, due to its reach. Even if people are not on Twitter, they are likely to see things from people that are on Twitter.
Not to mention Twitter is not an open platform anymore! (A) I'm an employee in an organization paying for Github. (B) I don't have a Twitter account. I already have a Github account because of (A). Why should (B) stop/delay me from getting official comms about this?
It's not "spam" if it is relevant to me, such as security incident disclosures.
Also, as tiffanyh pointed out, what's wrong with Github blog or is that exclusively for marketing fluff now? That would've been appropriate enough, without having to spend Sendgrid credits.