GitHub just confirmed it: one malicious VSCode extension exfiltrated tokens from 3,800 repositories. Not 38. Not 380. Three thousand eight hundred.
If you're a vibe coder who installs extensions to make your editor look cool or speed up boilerplate, this is the moment to read the rest of this post.
Because the worst part isn't that it happened. It's how boring the attack was.
What actually went down
The extension shipped as a normal productivity tool, passed marketplace review, and racked up installs. Then it shipped a quiet update. That update did three things:
