GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.

The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device.

"Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," the company said.

"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far."

This comes after GitHub told BleepingComputer on Tuesday evening that it was investigating claims of unauthorized access to its internal repositories and added that it has no evidence that customer data stored outside the affected repos has been affected.

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Other newsrooms on this story

Related reading

Hacker group hits 3,800 internal GitHub repositories via poisoned developer…

Other newsrooms on this story

Related reading

Hacker group hits 3,800 internal GitHub repositories via poisoned developer…

GitHub Got Breached Through a VS Code Extension. MCP Servers Are Next.

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub Internal Repositories Breached via VS Code Extension

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000