BlockBeats News, May 20th, GitHub disclosed investigation details regarding the unauthorized access to its internal repositories. The announcement stated that yesterday GitHub detected and mitigated an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoints, and promptly initiated incident response.
The current assessment indicates that this activity involved only the theft of GitHub's internal repositories. The attacker's claim of around 3,800 repositories aligns with GitHub's investigation so far. GitHub has moved quickly to mitigate the risk, rotating critical keys yesterday and overnight and prioritizing the most affected credentials. GitHub will continue analyzing logs, validating key rotations, and monitoring for further activity, and will release a more comprehensive report once the investigation is complete.
