“Yesterday we detected and contained a compromise of a worker machine involving a poisoned VS [Visual Studio] Code extension. We eliminated the malicious extension model, remoted the endpoint, and commenced incident response instantly,” GitHub said.
“Our present evaluation is that the exercise concerned exfiltration of GitHub-internal repositories solely. The attacker’s present claims of ~3,800 repositories are directionally in line with our investigation thus far.”
GitHub added: “We proceed to investigate logs, validate secret rotation, and monitor for any follow-on exercise. We are going to take extra motion as the investigation warrants.” The company promised to publish a full incident report as soon as it had completed its investigations.
That figure tallied with an earlier claim by the TeamPCP threat group that it had breached 4,000 repos, complete with a threat to leak the stolen code if no buyer prepared to pay at least “50k” was found. The group backed up its claim by posting a list of the breached repositories on the LimeWire content-sharing platform.









