You may have missed the part of my post where I said I reported the user to GitHub four hours before posting. I posted about it here because (1) I wanted to draw attention to this problem, which is affecting many developers this month because of all the users downgrading from Pro to Free, and (2) because I wanted to draw attention to this critical design flaw in GitHub Pages.
I set up a Github Pages site for the first time last month, and to set up a custom domain, it had me add four A records pointing to IP addresses (all of which were hardcoded in the GitHub pages documentation, i.e. not specific to my repository) and add the domain I was using in the settings for the site's repository. I remember wondering how Github stopped other people from just putting arbitrary domains in their repositories to steal them if they ever got pointed towards Github Pages; I guess I have my answer now!