GitHub says hackers stole data from thousands of internal repositories
Source: TechCrunch
GitHub breach details
GitHub, the developer platform owned by Microsoft, confirmed that it was hacked and that attackers stole data from approximately 3,800 internal code repositories.
The company announced the incident in a series of posts on X, stating that it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” and that its investigation is ongoing. GitHub said it “detected and contained a compromise of an employee device involving a poisoned VS Code extension,” referring to a malicious plugin for Visual Studio Code.
Threat landscape
Hackers are increasingly targeting popular open‑source projects and coding extensions to compromise developers’ computers and projects. By compromising widely used tools, attackers can gain access to a large number of systems simultaneously, amplifying the impact of their attacks.
GitHub did not disclose the name of the compromised extension.
Attribution and data sale
- The Record and Bleeping Computer report that a hacking group called TeamPCP has claimed responsibility for the breach and is selling the stolen data on a cybercrime forum.
- GitHub did not immediately respond to requests for comment about the incident or whether it has received any communication from the hackers, such as a ransom demand.
Related incidents
- TeamPCP previously claimed credit for a breach at the European Commission, which resulted in the theft of more than 90 GB of data from the EU’s executive arm’s cloud storage. The attackers had stolen the European Commission’s cloud key during an earlier breach of Trivy, a vulnerability‑scanning tool, by pushing info‑stealing malware to Trivy’s downstream users.
- OpenAI was recently targeted in a separate attack where hackers compromised Tanstack, a platform used by web developers, to push malicious updates that allowed the theft of passwords and tokens from users.