GitHub, the popular developer platform owned by Microsoft, has confirmed that it has been hacked and that attackers stole data from approximately 3,800 internal code repositories.
The code hosting and sharing giant said in a series of posts that it “detected and contained a compromise of an employee's device containing a poisoned VS Code extension,” citing a plugin for Visual Studio Code, the popular code editor used by developers for programming.
Hackers are increasingly targeting popular open source projects containing coding extensions with the goal of compromising developers' computers and their projects. Targeting popular projects gives hackers access to a huge number of computers at the same time, increasing the impact of the attack.
GitHub has not named the compromised extension.
The Record and Bleeping Computer report that a hacker group called TeamPCP is responsible for the GitHub breach and is selling the data on cybercrime forums.
GitHub did not immediately respond to a request for comment on the incident, nor did it respond to questions about whether it had received any ransom demands or other communications from the hackers.
TeamPCP previously claimed responsibility for a data breach at the European Commission in which more than 90 gigabytes of data was stolen from the EU enforcement department's cloud storage. The hackers had stolen the European Commission's cloud keys during a previous breach of Trivy, a vulnerability scanning tool, by pushing information-stealing malware to Trivy's downstream users.
OpenAI was also recently targeted in a similar but separate attack. In that attack, hackers compromised TanStack, a platform used by web developers, and pushed an update containing malware that allowed them to steal passwords and tokens from users.

