
“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said.
“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.”
GitHub added: “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.” The company promised to publish a full incident report once it had completed its investigations.
The ~3,800 figure tallied with an earlier claim by the TeamPCP threat group that it had breached 4,000 repos, complete with a threat to leak the stolen code if no buyer willing to pay at least “50k” was found. The group backed up its claim by posting a list of the breached repositories on the LimeWire content sharing platform.