Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability. GitHub has apologized for obfuscating how white hat hackers should disclose security vulnerabilities and set up a new help page that clearly lists how to report issues.
Source: https://thehackernews.com/2012/03/github-hacked-with-ruby-on-rails-public.html