Some additional info, someone has taken credit for the leak on Reddit saying the following:
Code:
I am the one who did this. You can find on my profile that I was the first one to post it on Reddit.
The commit author is a joke and can be easily done, there's even a CLI tool to do this: git-blame-someone-else
As for the code itself, I just ran a deobfuscator through the officially provided GitHub Enterprise image. Turns out they use the same codebase as GitHub (dotcom), you can even find the billing and subscriptions management in the repo.
As they claim, the leaked code is a copy of GitHub Enterprise deobfuscated. According to them, it matches the actual GitHub site setup (which makes sense since enterprise is for self-hosting etc.)
The push author was faked but access to the DMCA repo still required a leaked auth token or similar. (No info was provided for that part of the hack; but again I assume this is similar to the past hacks I mentioned above.)