GitHub confirms breach of 3,800 repos via malicious VSCode extension
Why This Matters
Major code repository platform breach highlights supply chain security risks for developers
GitHub confirmed that approximately 3,800 internal repositories were breached after an employee installed a malicious VS Code extension. The company removed the trojanized extension from the marketplace and secured the compromised device.
GitHub detected and contained a compromise involving a poisoned VS Code extension installed by an employee. The company's assessment is that the attack involved exfiltration of GitHub-internal repositories only, and that the attacker's claim of roughly 3,800 repositories is directionally consistent with its own investigation.

The TeamPCP hacking group claimed responsibility on the Breached cybercrime forum, saying it had accessed GitHub source code and "~4,000 repos of private code", and asked at least $50,000 for the stolen data. The group stated that this is not a ransom demand and that it would leak the data for free if no buyer is found. TeamPCP has previously been linked to supply chain attacks targeting developer platforms including GitHub, PyPI, NPM, and Docker. GitHub emphasized that there is no evidence that customer data outside the affected repositories was impacted.