GitHub has denied rumors today of getting hacked after a mysterious entity shared what they claimed to be the source code of the GitHub.com and GitHub Enterprise portals.
The "supposed" source code was leaked via a commit[1] to GitHub's DMCA section.
The commit was also faked to look like it originated from GitHub CEO Nat Friedman.
But in a message posted on YCombinator's Hacker News portal, Friedman denied that it was him and that GitHub got hacked in any way.
Friedman said[2] the "leaked source code" didn't cover all of GitHub's code but only the GitHub Enterprise Server[3] product. This is a version of GitHub Enterprise that companies can run on their own on-premise servers in case they need to store source code locally for security reasons but still want to benefit from GitHub Enterprise features.
Friedman said this source code had already leaked months before due to its own error when GitHub engineers accidentally "shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers."
Friedman promised that GitHub was going to fix the two bugs exploited by the leaker and prevent unauthorized parties from attaching their code to other people's projects via faked identities.
"In summary: everything is fine, situation normal, the lark is on the wing, the snail is on the thorn, and all's right with the world," Friedman said.
Not the first time
But this is not the first time that this happened on GitHub.
One of the two bugs was used just days earlier[4] when a security researcher attached the source code of the youtube-dl library[5] to GitHub's DMCA section.
The security researcher's gesture came as a form of protest after GitHub decided to honor a suspicious DMCA takedown