No joke. «GitHub will forward access tokens found in public repositories to Tencent WeChat, who will notify affected users.» In other words, Tencent now has access to all of your public repositories.
Also, Github now has code recognise Tencent access tokens.
> In other words, Tencent now has access to all of your public repositories.
They already did. That's what public means. This is just an optimization to make it harder for WeChat access tokens to be inadvertently compromised without getting noticed.
If you're worried about the Chinese government having inappropriate influence over or access to various things outside China, that's in general a valid concern indeed, but facilitating credential scanning in public repositories really doesn't seem worrying.
It's because this site is dead and more than half the comments are written by bots. On average HN article, like 75% of the comments make absolutely no sense.
Tencent isn't claiming ownership of these strings, it's claiming that strings with a particular format have special meaning wrt. Tencent's APIs. It has told Github about that format.
This is fundamentally similar to how UPS, DHL etc. document how to recognise their tracking numbers.
"Their" and genitive in general doesn't necessarily mean ownership. It's often used for various sorts of connection. For example, "my address" doesn't claim ownership of either the street or the house, "my age", "my wife", all connected to me somehow but not owned by me.