Very first post and this POS is trolling.

Why it's import to know ? My understand is that there is two git commit's made by internal user via cli. So hole server was compromised by hacker(s) .

Did they run php on that server?

Well, GitLab supports CI and issues too.

It's possible to sign commits too, so there's one good method of ensuring authenticity of code. I don't think Microsoft will do something evil like introducing malicious commits, but "accidentally" deleting the repo or slowing access to it and causing pandemonium is totally within their reach.

Remember, there's a reason Microsoft doesn't post their internal code on Google Code, and Google's AOSP and proprietary software isn't on Github. There's a reason Facebook doesn't do Google login, and why Google doesn't do Facebook login. Lots of others have also switched away from depending on Google and Facebook, because they can easily cut off access and screw you while providing whimsical reasons.

Please do tell us why on earth would microsoft do something like that.

That's like this article I was reading yesterday about how Amazon workers are peeing in bottles and pooping in sacks; mostly drivers, but line workers too. Most of the comments were some form of "well I worked construction/trucking/crappy job and we pooped/peed in odd places so suck it up" and my first thought was "y'all are the problem. I've worked those jobs, did my business in those places, and, big difference, didn't feel like I had to do it because I was so stressed for time".

When you work construction and you're doing something at a house in the woods miles from civilization, 1, you agree to that beforehand, 2, you can choose to drive your happy ass to a gas station in lieu of pooping in the woods, 3, doing construction I never had to shit in a bag on camera next to a full spread of telemetry sensors. Instead of feeling empathy for people who feel so stressed and pressed for time that they'll drive around with a shit sack the collective group has the viewpoint of "because we had it shitty you should have it shitty too" instead of "Generations of horrible working conditions, something has to change".

Are you really trying to imply that

1) using any cloud service is irresponsible, right under the news that they f*cked up royally when hosting it on their own?
2) Microsoft is somehow substantially, inherently less trusted for cloud services than other cloud providers (for unspecified reasons)?
3) git doesn't allow you to set up mirrors for your repo?

Git is distributed. Github is a service that offer features that can in-turn act as a vendor lock-in if you can't find those same features with other Git Distributors. That isn't a pro or con against Github. That's just how services work in general.

My argument is that if they get set in Github's ways then "easily just migrate" might not be so "easily" for them. For example, I prefer the UI of Hub over Lab. I can use both but I prefer Hub.

Everyone here is complaining about the use of Github, and here I am thinking "are we all just going to ignore the kind of asshole who would perform this hack in the first place?"
Really, hacking PHP is the same sort of thing as holding a charity for ransom. Yeah, you'll get something out of it, but it's really sad and pathetic.