
GitHub Says Hackers Stole 3,800 Internal Repositories Through Poisoned VS Code Extension

 

GitHub Breach Shocks Tech World as Hackers Steal 3,800 Internal Repositories Through Poisoned VS Code Extension

A major cybersecurity scare has rocked GitHub after the Microsoft-owned developer platform confirmed that thousands of its internal repositories were compromised in a sophisticated supply chain attack linked to a malicious Visual Studio Code extension.


According to reports, the breach began when a GitHub employee unknowingly installed a poisoned VS Code extension on a work device. That single infection reportedly gave attackers enough access to infiltrate GitHub’s internal infrastructure and exfiltrate nearly 3,800 private repositories containing internal tools, deployment scripts, and infrastructure configurations.


The cybercrime group known as TeamPCP has claimed responsibility for the attack and allegedly listed the stolen data for sale on underground hacking forums for at least $50,000.


Security analysts say the incident highlights the growing danger of software supply chain attacks, where trusted developer tools are secretly weaponized against companies and developers.


GitHub moved quickly after detecting the intrusion. The company isolated the infected employee device, removed the malicious extension, rotated critical security secrets overnight, and launched a full-scale investigation. Officials stressed that there is currently no evidence customer repositories, enterprise accounts, or user data outside GitHub’s internal systems were affected.


Cybersecurity researchers say the attack is especially alarming because the malicious extension reportedly remained live on the Visual Studio Marketplace for only about 18 minutes before being removed, yet that short window was enough for attackers to compromise sensitive systems. Experts are now warning developers worldwide to carefully audit the extensions and plugins they install, as modern coding tools often have deep access to credentials, cloud keys, SSH tokens, and private repositories. The breach has also intensified calls for stronger security controls across open-source ecosystems and developer environments.
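One concrete way to act on that advice is to check what is actually installed against an approved list. The script below is an added example, not code from the article or from GitHub; it assumes the listing comes from `code --list-extensions --show-versions` (one `publisher.name@version` per line) and uses a constructed allowlist and a constructed sample listing.

```python
"""Audit installed VS Code extensions against an approved allowlist.

Added example (not from the article). Assumes the listing is the output of
`code --list-extensions --show-versions`, one `publisher.name@version` per line.
"""
import subprocess

# Constructed allowlist: extension id -> versions approved for work devices.
APPROVED = {
    "ms-python.python": {"2024.4.1"},
    "redhat.vscode-yaml": {"1.14.0"},
}

# Constructed sample standing in for the real CLI output on a developer laptop.
SAMPLE_LISTING = """\
ms-python.python@2024.4.1
redhat.vscode-yaml@1.15.0
unknown-publisher.helpful-linter@0.0.3
"""

def parse_listing(text):
    """Yield (extension_id, version) pairs from `publisher.name@version` lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, _, version = line.rpartition("@")
        if not ext_id or "." not in ext_id:
            raise ValueError(f"unrecognised line: {line!r}")
        # Marketplace ids are case-insensitive, so normalise before comparing.
        yield ext_id.lower(), version

def audit_extensions(text, approved=APPROVED):
    """Return {extension_id: reason} for each installed extension that is not
    on the allowlist, or that runs a version nobody approved (a possible
    hijacked update of an otherwise trusted extension)."""
    findings = {}
    for ext_id, version in parse_listing(text):
        if ext_id not in approved:
            findings[ext_id] = "not on allowlist"
        elif version not in approved[ext_id]:
            findings[ext_id] = f"unapproved version {version}"
    return findings

def audit_local_install():
    """Run the real `code` CLI (must be on PATH) and audit its output."""
    out = subprocess.run(["code", "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True).stdout
    return audit_extensions(out)

if __name__ == "__main__":
    for ext_id, reason in audit_extensions(SAMPLE_LISTING).items():
        print(f"{ext_id}: {reason}")
```

Run it from a fleet-management job or a pre-commit hook and treat any finding as a ticket, since a single unreviewed extension is the whole attack surface described above.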


The incident marks one of the most high-profile supply chain attacks ever to hit a major software development platform, raising fresh concerns about the security of the global developer ecosystem.

