- A breach of GitHub’s internal repositories originated from an employee downloading a malicious extension from the official VS Code marketplace.
- The Hacking group TeamPCP is selling the stolen private repositories on a hacking forum for at least $50,000.
- Security experts are urging developers to immediately rotate any API keys or secrets that may have been stored in private repositories.
- This incident follows a similar breach at Grafana, which was also linked to the Mini Shai-Hulud supply chain attack campaign.
In the early hours of Monday, Microsoft-owned code repository giant GitHub disclosed it was investigating unauthorized access to its internal data, according to reports. The company has since confirmed the breach stemmed from a staff member downloading a “poisoned” VS Code extension from the official marketplace. GitHub stated the breach only affected its internal repositories, and the attacker’s claim of roughly 3,800 compromised repos is “directionally consistent” with its investigation.
The hacking group TeamPCP is selling the data for no less than $50,000 on the *Breached* forum, stressing it is not a ransom. This group has been linked to the Mini Shai-Hulud supply chain attack that previously impacted OpenAI. GitHub says it has removed the malicious extension, isolated the endpoint, and rotated critical secrets.
Consequently, security experts have issued urgent warnings. Former Binance CEO Changpeng Zhao advised users to check and change API keys stored in their code. Crypto security expert Taylor Monahan added, “Your biggest risk is not this. It’s your own devs getting hit by one of these wormy motherfucking supply chains and leaking all those secrets.”
Meanwhile, this is the second such incident in days. Software firm Grafana also disclosed unauthorized access to its GitHub repositories earlier this week, linked to the same supply chain campaign. The company said attackers downloaded its codebase and issued a ransom demand. This pattern follows a 2024 incident in which Binance data leaked on GitHub was deemed capable of causing “severe financial harm.”