GitHub has officially confirmed, via an X post today, that thousands of its internal repositories were breached after an employee's device was compromised through a malicious Visual Studio Code extension. The company said it detected and contained the incident yesterday, removed the poisoned extension version from the VS Code Marketplace, isolated the affected endpoint, and immediately launched an internal incident response investigation.
The disclosure follows claims posted earlier this week by the TeamPCP hacker group on the Breached cybercrime forum that it had gained access to nearly 4,000 private GitHub repositories via the breach.
The group alleged that it had exfiltrated internal source code and other private data, and stated that it was seeking at least $50,000 from potential buyers for the stolen material. “This is not a ransom,” the group wrote in its post, adding that it intended to sell the data rather than extort GitHub directly, and threatening to leak the repositories publicly if no buyer emerged.





