GitHub Updates Security Incident Investigation: Employee Hit by Malicious VS Code Plugin; Approximately 3,800 Internal Repositories Compromised
Odaily Planet Daily reported that GitHub posted on the X platform, sharing further details of its investigation into the unauthorized access incident targeting its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.
Current assessments indicate that the activity involved only the theft of GitHub's internal repositories. The attacker's current claim of approximately 3,800 repositories is consistent with the direction of GitHub's investigation to date. GitHub has taken swift action to mitigate risk: critical keys were rotated yesterday and overnight, with the most impactful credentials prioritized. GitHub will continue to analyze logs, verify key rotations, and monitor for subsequent activity. A more complete report will be released after the investigation concludes.
