Home
News
Details

GitHub Confirms 3,800 Internal Repositories Stolen via Malicious VS Code Plugin

iconKuCoinFlash
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
GitHub confirmed on May 20 that a malicious VS Code plugin resulted in the theft of approximately 3,800 internal repositories, according to on-chain news from Blockbeats. The company has removed the plugin, isolated affected systems, and rotated key credentials. Crypto news reports that GitHub is prioritizing the most impacted areas and continues its investigation, with a full report to follow.

BlockBeats report: On May 20, GitHub released details of its investigation into an unauthorized access incident involving its internal repositories. The announcement stated that yesterday, GitHub detected and contained an attack on an employee device involving a malicious VS Code extension. GitHub has removed the malicious extension version, isolated the affected endpoints, and initiated an immediate incident response.


Current assessments indicate that the incident involved only the theft of internal GitHub repositories. The approximately 3,800 repositories claimed by the attacker are consistent with GitHub’s ongoing investigation. GitHub has acted swiftly to mitigate risk, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, validating key rotations, and monitoring for further activity, and will release a more comprehensive report upon completion of the investigation.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.