
GitHub confirms hackers breached thousands of internal repos

Summary

– GitHub confirmed a hack that stole data from about 3,800 internal code repositories, with no evidence customer information was impacted.
– The breach occurred after an employee device was compromised through a poisoned VS Code extension.
– A hacking group called TeamPCP claimed responsibility for the breach and is selling the stolen data on a cybercrime forum.
– TeamPCP previously stole over 90 gigabytes of data from the European Commission by pushing malware through a vulnerability scanning tool.
– OpenAI was recently targeted in a similar attack where hackers pushed malware via the Tanstack platform to steal user passwords and tokens.

Microsoft-owned GitHub, the widely used code-hosting platform, has confirmed that hackers successfully breached its systems and made off with data from approximately 3,800 internal code repositories. The company disclosed the incident through a series of posts on X, stating that while it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” its investigation remains active.

According to GitHub, the breach was “detected and contained” after an employee’s device was compromised through a poisoned VS Code extension. Visual Studio Code is a highly popular code editor among developers, and the malicious plugin served as the entry point for the attackers. This tactic reflects a growing trend among cybercriminals who target open-source projects and developer tools to maximize their reach, often compromising thousands of machines in a single operation.

GitHub has not disclosed the specific name of the compromised extension. However, reports from The Record and Bleeping Computer indicate that a hacking group known as TeamPCP has claimed responsibility for the breach and is currently selling the stolen data on a cybercrime forum.

GitHub did not respond to requests for comment on whether the hackers made any demands, such as a ransom, or if any communication has been exchanged with the group. TeamPCP has a track record of high-profile attacks. Earlier this year, the same group claimed responsibility for breaching the European Commission, stealing over 90 gigabytes of data from the EU executive arm’s cloud storage. That attack was facilitated by an earlier compromise of Trivy, a vulnerability scanning tool, where TeamPCP pushed info-stealing malware to downstream users of Trivy.

In a separate but similar incident, OpenAI was recently targeted when hackers broke into Tanstack, a platform used by web developers. The attackers pushed malicious updates that enabled them to steal passwords and tokens from users, underscoring the escalating threat to developer ecosystems.

(Source: TechCrunch)
