Sorry, rather of topic for Nim, but couldn't resist.
But, maybe one of you can awnser a serious question on these matters, are data on all these hacked systems not encrypted in some clever way to make then unusable?
are data on all these hacked systems not encrypted in some clever way to make then unusable?
Well, they might be. At least they are access controlled. But as per the article:
[...] the hackers had abused a stolen token credential that allowed access to the company’s GitHub environment [...]
Not much safety in a lock if someone steals the key. You can encrypt your stuff all you want, but if your password is compromised it won't help. A lot of these hacks aren't technical in nature towards the system being attacked. Maybe you create a fun little program to make silly colors in a terminal. Some dev downloads it to brighten up his workday. When they don't know is that you've hidden a little bit of code in the script which uploads all your environment variables somewhere. Now you can look through your list of codes and see GITHUB_TOKEN=<something> and then you can authenticate using that token and check out the repos.
Or you can even do it without technical solutions at all, social engineering can get you very far. I've heard of multiple companies that run such social engineering tricks on their employees, anyone who takes the bait is enrolled into security awareness courses.