It appears from one of the linked threads was that those repos hacked had put their code in a cloud service with their auth keys in their clone's .git/config
So no security leak at github/gitlab/other affected service. Security leak at author's chair.
Biting the hand that feeds IT
