GitHub confirmed that it was hacked and that data was stolen from approximately 3,800 internal code repositories. The platform, owned by Microsoft, stated there was “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” and that an investigation is ongoing.
The company detected and contained a compromise of an employee device linked to a poisoned VS Code extension, a plug-in for the widely used Visual Studio Code editor. Hackers are increasingly targeting open source projects and coding extensions to breach developers’ systems and codebases.
GitHub did not specify the name of the compromised extension involved in the breach. Reports from The Record and Bleeping Computer indicate that a hacking group named TeamPCP has taken credit for the incident and is allegedly selling the stolen data on a cybercrime forum.
GitHub has not responded to queries regarding any communications from the hackers or potential ransom demands. TeamPCP has a history of similar attacks; they previously claimed responsibility for a breach at the European Commission that resulted in the theft of over 90 gigabytes of data from the EU’s cloud storage.
During that breach, the hackers acquired the European Commission’s cloud key from Trivy, a vulnerability scanning tool, by distributing info-stealing malware to its users. In a separate incident, OpenAI was recently targeted when hackers infiltrated TanStack, a web development platform, to distribute malware that stole users’ passwords and authentication tokens.








