You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
The title is very click bait imo. It is not about any private data. It is a very specific case of deleted fork of the public repository. It is a bug, of course. But it doesn't look so serious as I was thinking when saw the title.
It was purposefully designed that way so it’s not a bug. It’s just bad design. Like they say at the end of the article, people view private vs public as a security boundary. So it’s incredibly surprising and unintuitive behavior that has clearly resulted in security breaches.