GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories.

News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst:

“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said.

“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.”

GitHub added: “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.” The company promised to publish a full incident report once it had completed its investigations.

GitHub admits major source code leak after 3,800 internal repositories breached

Other newsrooms on this story

Related reading

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Hacker group hits 3,800 internal GitHub repositories via poisoned developer…

GitHub Internal Repositories Breached via VS Code Extension