GitHub confirmed a security breach affecting approximately 3,800 internal code repositories, involving a compromised employee device and a malicious Visual Studio Code extension. The company stated no customer data outside internal repositories was impacted, while investigations continue. A hacking group named TeamPCP claimed responsibility and is reportedly selling the stolen data.

Approximately 3,800 internal code repositories at GitHub were compromised in a recent cyberattack, the company confirmed. The breach involved a poisoned extension for Visual Studio Code installed on an employee’s device, leading to unauthorized access.
GitHub, owned by Microsoft, stated in posts on X that there is no evidence indicating customer information stored outside its internal repositories was affected. The company emphasized that its investigation into the incident is ongoing.
The attack exploited a malicious Visual Studio Code extension, a plugin used by developers for programming tasks. GitHub did not disclose the name of the compromised extension.
Cybersecurity reports from The Record and Bleeping Computer attribute the breach to a hacking collective known as TeamPCP, which has claimed responsibility and is reportedly marketing the stolen data on a cybercrime forum.
TeamPCP has a history of high-profile cyberattacks, including a breach of the European Commission that resulted in the theft of over 90 gigabytes of data from the EU executive’s cloud storage. In that earlier attack, the European Commission’s cloud key was stolen through a previous compromise of Trivy, a vulnerability scanning tool, in which info-stealing malware was distributed to its users.
GitHub has not responded to inquiries regarding any ransom demands or communications from the hackers following the breach.
Similar tactics have been observed in other recent incidents, such as an attack on OpenAI via TanStack, a web development platform. In that case, hackers used malware-laden updates to steal passwords and tokens from users.



