View Single Post
  #1  
Old 11-05-2020, 18:14
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 326
Rept. Given: 25
Rept. Rcvd 107 Times in 52 Posts
Thanks Given: 49
Thanks Rcvd at 552 Times in 221 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
GitHub Source Code Leak

On Nov. 3, someone uploaded the full source code to GitHub to GitHub's own DMCA repo using a GitHub staff account. GitHub responded to the upload after taking it down within the hour of it being posted saying:

Quote:
GitHub hasn't been hacked. We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. As others have pointed out, much of GitHub is written in Ruby.
This response came from the same name of the account that posted the source code.

However, the commits log says otherwise, with the commit saying:
Quote:
felt cute, might put gh source code on dmca repo now idk
This appears to be similar to the previous leaks where an auth token was stolen that was used to access multiple private repos owned by Microsoft.

You can view the archive entry of the commit here:
Code:
https://web.archive.org/web/20201104050026if_/https://github.com/github/dmca/tree/565ece486c7c1652754d7b6d2b5ed9cb4097f9d5
You can find a full download of the commit here:
Code:
https://anonfiles.com/Jax980m9p6/dmca-565ece486c7c1652754d7b6d2b5ed9cb4097f9d5_zip
The current speculation as to why this happened is due to the recent RIAA takedowns of various repos on GitHub via DMCA'ing. Most notable is the 'youtube-dl' repo. That repo has been mirroed in several locations such as:

Code:
https://gitlab.com/ytdl-org/youtube-dl
https://git.rip/mirror/youtube-dl
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following 5 Users Say Thank You to atom0s For This Useful Post:
ARUBA (11-23-2020), emo (11-07-2020), Fyyre (11-22-2020), MrScotc (11-10-2020), tonyweb (11-06-2020)