GitHub breach traced to malicious VS Code extension installed by employee

GitHub confirmed that a malicious VS Code extension installed by an employee led to a breach of roughly 3,800 internal repositories. The compromised extension was removed from the marketplace, and the affected device was isolated, with GitHub stating that only internal repos were exfiltrated. Hacker group TeamPCP has claimed responsibility and is attempting to sell the stolen data for at least 50,000 dollars. The incident highlights ongoing risks in the VS Code extension ecosystem, which has repeatedly been exploited to steal credentials and compromise developer environments.

Read the full story on BleepingComputer →