GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen
Odaily reports that GitHub posted on the X platform to share more details of its investigation into the unauthorized access to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.
The current assessment indicates that this activity involved only the theft of GitHub's internal repositories. The attacker's claim of approximately 3,800 repositories is consistent with GitHub's investigation findings so far. GitHub has taken swift action to mitigate risk, rotating critical keys yesterday and overnight and prioritizing the credentials with the highest impact. GitHub will continue to analyze logs, verify key rotations, and monitor for subsequent activity. A more complete report will be released once the investigation is complete.
