View Single Post
Old 11-05-2020, 18:41
atom0s's Avatar
atom0s atom0s is offline
Join Date: Jan 2015
Posts: 327
Rept. Given: 25
Rept. Rcvd 107 Times in 52 Posts
Thanks Given: 49
Thanks Rcvd at 560 Times in 223 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Some additional info, someone has taken credit for the leak on Reddit saying the following:
I am the one who did this. You can find on my profile that I was the first one to post it on Reddit.

The commit author is a joke and can be easily done, there's even a CLI tool to do this: git-blame-someone-else

As for the code itself, I just ran a deobfuscator through the officially provided GitHub Enterprise image. Turns out they use the same codebase as GitHub (dotcom), you can even find the billing and subscriptions management in the repo.
As they claim, the leaked code is a copy of GitHub Enterprise deobfuscated. According to them, it matches the actual GitHub site setup (which makes sense since enterprise is for self-hosting etc.)

The push author was faked but access to the DMCA repo still required a leaked auth token or similar. (No info was provided for that part of the hack; but again I assume this is similar to the past hacks I mentioned above.)
Personal Projects Site:
Reply With Quote