GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories
Briefly

"GitHub says attackers accessed thousands of internal repositories after a company employee's device was compromised through a malicious Visual Studio Code extension, though the company said it has removed the malicious extension, isolated the compromised endpoint, and launched an investigation. The company confirmed that approximately 3,800 internal repositories were affected. GitHub stated that investigators have not found evidence of impact to customer repositories or enterprise environments outside GitHub's own systems."
"The hacking group TeamPCP later claimed responsibility for the intrusion in a post on the Breached cybercrime forum. The group alleged it had obtained source code and thousands of private repositories and sought at least $50,000 for the data. GitHub has not formally attributed the attack to TeamPCP, though the company acknowledged that the group's public claims are generally consistent with the scope of the ongoing investigation."
"GitHub said it continues to review logs, rotate credentials and monitor for additional malicious activity tied to the incident. The company said it plans to publish a more detailed report once its investigation is complete. The GitHub breach is the latest example of the increasing attacks against software development infrastructure. Hackers view developer platforms as efficient paths into enterprise systems because a single compromise can create downstream access across multiple companies."
Attackers accessed thousands of internal repositories after a company employee’s device was compromised via a malicious Visual Studio Code extension. Approximately 3,800 internal repositories were affected. Investigators found no evidence of impact to customer repositories or enterprise environments outside GitHub’s own systems. The group TeamPCP later claimed responsibility, alleging it obtained source code and thousands of private repositories and demanded at least $50,000. GitHub has not formally attributed the attack to TeamPCP, but the company said the group’s claims align with the investigation’s scope. GitHub continues reviewing logs, rotating credentials, and monitoring for additional malicious activity, and plans a detailed report after the investigation concludes.
Read at DevOps.com