I imagine the risk here is more about embarrassment than a business threat. Github endpoints are still authenticated, and their business is still in providing a service. Propping up, understanding, and maintaining the leaked codebase to use "for free" probably will never pay dividends. Another company referencing this code base when designing their own software will just expose them to needless risk in the future.

I believe this isn't an existential threat to the company by any means.