Home
News
Details

GitHub reports security incident involving malicious VS Code plugin; 3,800 internal repositories compromised

iconKuCoinFlash
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
GitHub confirmed a security breach after an employee’s device was compromised via a malicious VS Code plugin, resulting in the theft of approximately 3,800 internal repositories. The company has removed the plugin, isolated affected systems, and initiated an investigation. On-chain news platforms are closely monitoring the incident as GitHub rotates credentials and reviews logs for additional threats.

Odaily Planet Daily reports: GitHub posted on X that it has shared additional investigation details regarding the unauthorized access to its internal repositories. Yesterday, GitHub detected and contained an incident involving compromised employee devices due to a malicious VS Code extension. GitHub has removed the malicious extension version, isolated the endpoints, and immediately initiated its incident response.

Current assessments indicate that the incident involved only the theft of internal GitHub repositories. The approximately 3,800 repositories claimed by the attacker are consistent with GitHub’s ongoing investigation. GitHub has acted swiftly to mitigate risk, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring for further activity, and will release a more comprehensive report upon completion of the investigation.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.