GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension
GitHub Inc. has confirmed that hackers exfiltrated roughly 3,800 of its internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform disclosed late Tuesday.
The breach was detected on May 19 and traced to a malicious extension that GitHub’s security team found on the employee’s device. GitHub said the compromise has been contained and that customer data and code stored on the platform were not affected.
“We removed the malicious extension version, isolated the endpoint and began incident response immediately,” GitHub said in a series of posts on X. “Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first.”
GitHub has not named the extension or said how it reached the employee’s device. A fuller post-incident report is promised once the investigation wraps.