The hackers wanted access to the code to look for Amazon keys. For them it doesn't matter if they get the code from the internal GitHub or from a developer machine.
If you have an ultra-secure door, the thiefs will just enter through your regular window.
How do you know they "wanted" access to look for Amazon keys? Do you know it wasn't from a blanket scan of github?
Sure, there are only 13 projects on https://uber.github.io/, but there are 169 on https://github.com/uber, and it only takes a short while to scan for access keys. There are plenty of open tools that will scan github for keys.
This may not have been targeted at Uber but a net for all of github with Uber being just one company that was hit up for cash. Unless you're saying that you know the motivations of the attackers.
If you have an ultra-secure door, the thiefs will just enter through your regular window.