
How did they do a bad job?

They (temporarily) disabled the account, fixed the problem and re-enabled the account. All while keeping people in the loop about what happened... at 9am... on a Sunday.

I may be wrong, but that seems like a pretty reasonable way of handling the situation.



You are told that your back door was open 3 months ago. You "investigate" then tell the witness they are mistaken, the back door is closed. 3 days later the witness walks through the back door which has been open for 3+ months and shits in your fridge. You suspend his account and write an inflammatory post about the guy who has been telling you for 3 months that your back door was open. He could have walked in and burned your house down, shredded your reputation, and caused every paying developer you have to jump ship. He didn't.

GitHub has handled this situation in the worst possible way, from start to finish. Thank god an ethical hacker shit in their fridge. The alternative is frankly unimaginably bad for the whole community.


Did he actually contact GitHub directly?

Didn't he just post issues/comment on the issue in rails/rails?


That was my understanding as well. @chives, can you elaborate?



