GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular development platform owned by Microsoft, confirmed that it had been hacked and that attackers had stolen data from about 3,800 internal code repositories.

The hosting and code sharing giant said In a series of posts on X It has “no evidence of impact on customer information stored outside of internal GitHub repositories,” but noted that its investigation is ongoing. GitHub said it “detected and contained a compromise on an employee’s device involving a poisoned VS Code plugin,” referring to a plugin for Visual Studio Code, a popular code editor used by developers for programming.

Hackers are increasingly targeting popular open source projects, including programming extensions, with the aim of compromising developers’ computers and projects. Targeting popular projects allows hackers to access large numbers of computers at the same time, amplifying the impact of their attacks.

GitHub did not mention the name of the compromised extension.

Record and Sleeping computer A hacking group called TeamPCP has taken credit for the GitHub hack, and is selling the data on a cybercrime forum, according to a report.

GitHub did not immediately respond to a request for comment on the incident, or answer questions about whether it had received any communications from the hackers, such as a ransom demand.

TeamPCP previously claimed responsibility for a data breach at the European Commission that resulted in more than 90GB of data being stolen from the company’s cloud storage. The executive arm of the European Union. Hackers had stolen the European Commission’s cloud key during a previous hack of Trivy, a vulnerability scanning tool, by paying… Malware to steal information For downstream Trivy users.

OpenAI was too It was recently targeted in a similar but separate attack Which saw hackers break into Tanstack, a platform used by web developers, to push updates containing malware that allows hackers to steal passwords and tokens from users.