Devs, be careful what you plug in: GitHub security breach was apparently facilitated by a 'poisoned Visual Studio Code extension'


Rommie Analytics

GitHub, arguably the place for developers to store and share code, has been the target of a cyberattack. The Microsoft-owned platform reported on Tuesday that its internal repositories experienced unauthorised access, although the breach does not appear to have exposed customer information outside of those repositories.

"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," GitHub shared most recently on X, "The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far."

The attack reportedly took place via a compromised employee device "involving a poisoned [Visual Studio] Code extension." GitHub did not name the specific developer extension that was leveraged in the breach, nor the attacker. GitHub continues, "We removed the malicious extension version, isolated the endpoint, and began incident response immediately."

Backdoors placed in useful extensions is not a novel ro...
