Keep in mind, it's not the squash (you could have edited the borked commit alone and kept the rest).
Also, once published the blobs will be in all clones' object databases for some time (until garbage collect). So, in all honesty this seems like a bad fix for a security risk. Instead, just revoke the admin token and generate a brand-new one.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Keep in mind, it's not the squash (you could have edited the borked commit alone and kept the rest).
Also, once published the blobs will be in all clones' object databases for some time (until garbage collect). So, in all honesty this seems like a bad fix for a security risk. Instead, just revoke the admin token and generate a brand-new one.