GitHub has immediately denied rumors of getting hacked after a mysterious entity shared what they claimed to be the source code of the GitHub.com and GitHub Enterprise portals.
The “supposed” source code was leaked through a commit to GitHub’s DMCA section.
The commit was also faked to appear as if it originated from GitHub CEO Nat Friedman.
However, in a message posted on YCombinator’s Hacker News portal, Friedman denied that it was him and that GitHub got hacked in any way.
Friedman said the “leaked source code” did not cover all of GitHub’s code but only the GitHub Enterprise Server product. This is a version of GitHub Enterprise that companies can run on their own on-premise servers in case they need to store source code locally for security reasons but still want to benefit from GitHub Enterprise features.
Friedman said this source code had already leaked months before due to its own error when GitHub engineers accidentally “shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some clients.”
Friedman promised that GitHub was going to fix the two bugs exploited by the leaker and prevent unauthorized parties from attaching their code to other people’s projects via faked identities.
“In summary: everything is ok, situation normal, the lark is on the wing, the snail is on the thorn, and all’s right with the world,” Friedman said.
Not the first time
However, this isn’t the first time that this has happened on GitHub.
One of the two bugs was used just days earlier when a security researcher attached the source code of the youtube-dl library to GitHub’s DMCA section.
The security researcher’s gesture came as a form of protest after GitHub decided to honor a suspicious DMCA takedown request against the youtube-dl library from music recording industry group RIAA.
While the mystery leaker never explained their actions, it’s believed that the person who leaked the GitHub Enterprise Server code was also protesting against GitHub’s decision to honor RIAA’s DMCA request and take down youtube-dl, a project that lets users download raw audio and video files from YouTube and other services — which RIAA argued was heavily used to pirate its song catalog.
For the past week, hundreds of other users have been re-uploading the youtube-dl code on their own accounts and daring RIAA to send them a DMCA request too. GitHub has warned users not to do so, as they risk getting banned by its automated systems.