GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub investigates unauthorized access after TeamPCP listed 3,800+ internal repos for sale; breach linked to poisoned VS Code extension on employee device.

What’s new: GitHub is investigating unauthorized access to its internal repositories after the threat actor TeamPCP listed over 3,800 internal repositories for sale on a cybercrime forum. The breach was linked to a compromised employee device via a poisoned Microsoft Visual Studio Code extension. GitHub has rotated critical secrets and is monitoring for further activity, stating that there is currently no evidence of impact to customer information stored outside of its internal repositories.

Who’s affected

GitHub employees and potentially any users or organizations that rely on GitHub’s internal tools and repositories. The incident may also affect users of the compromised Nx Console extension and those who have downloaded the affected versions of the DurableTask Python package.

What to do

  • Monitor your GitHub repositories for any unauthorized access or changes.
  • Review and rotate credentials associated with GitHub and any potentially affected tools.
  • Ensure that all development environments are secure and free from compromised extensions or packages.
  • Stay informed about updates from GitHub regarding the incident.

Sources