GitHub Investigation Points to VS Code Extension Attack in Source Code Theft

Attackers accessed thousands of GitHub internal repositories by compromising an employee device through a malicious Visual Studio Code extension.

CSBadmin

How the Breach Occurred

GitHub has confirmed it is investigating a security incident after a threat actor known as TeamPCP claimed to have stolen source code from the platform’s internal repositories. The attack began when an employee’s device was compromised through a poisoned Microsoft Visual Studio Code extension. GitHub detected the unauthorized access and contained the breach, rotating critical secrets as a precaution. The company stated that the attacker exfiltrated approximately 3,800 internal repositories, a number that aligns with its investigation.

Impact and Scope

TeamPCP, a group previously linked to supply chain attacks on open source packages, listed the stolen code for sale on a cybercrime forum for at least $50,000. The group stated it has no interest in extortion and will leak the data for free if a buyer is not found. GitHub has not found evidence that customer data outside its internal repositories, such as enterprise accounts or user repositories, was affected. The company continues to monitor its infrastructure and will notify customers if any impact is discovered. The specific VS Code extension involved has not been named, but the incident follows a recent compromise of Nx Console that enabled credential theft and supply chain poisoning tools.

Source: The Hacker News
