GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub confirmed that about 3,800 internal repositories were exfiltrated after an employee installed a malicious VS Code extension. The company removed the trojanized add-on and secured the affected device. TeamPCP claimed responsibility for the access and attempted to sell the stolen GitHub source code and private repositories, but GitHub said there is no evidence customer data outside the affected repos was impacted.

Key points

  • GitHub detected a compromise involving a poisoned VS Code extension on an employee device.
  • About 3,800 internal repositories were reportedly exfiltrated in the incident.
  • GitHub removed the malicious extension and isolated the compromised endpoint.
  • TeamPCP claimed access to GitHub source code and private repositories on a cybercrime forum.
  • GitHub said there is no evidence that customer data outside the affected repositories was exposed.

Read More: https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/