TeamPCP claims to be directly selling stolen GitHub source code and internal data, while GitHub has confirmed that about 3,800 internal repositories were exfiltrated. The breach is linked to a compromised Visual Studio Code extension used in a supply-chain worm campaign that harvested credentials and exposed code for GitHub Copilot, GitHub Enterprise Server, and other internal systems. #TeamPCP #GitHub #GitHubCopilot #GitHubEnterpriseServer
Keypoints
- TeamPCP is offering stolen GitHub source code and internal data for sale.
- GitHub confirmed that around 3,800 internal repositories were exfiltrated.
- The breach involved a compromised Visual Studio Code extension with malicious code.
- The attack was tied to a supply-chain worm campaign that stole authentication credentials.
- GitHub rotated exposed keys and tokens and is preparing a technical transparency report.
Read More: https://securityonline.info/github-source-code-breach-teampcp-vs-code-extension-supply-chain-worm/