GitHub has confirmed a security breach involving its internal code repositories, compromised through a malicious Visual Studio Code extension. The breach affected approximately 3,800 internal repositories, though external user data and repositories remain unaffected. The attackers, identified as TeamPCP, have claimed responsibility and are attempting to sell the stolen data on underground forums.
In response, GitHub has removed the malicious extension, isolated affected devices, and rotated critical credentials. The company is conducting a thorough investigation and plans to release a comprehensive incident report. Developers are advised to proactively rotate API keys and credentials as a precautionary measure.
GitHub Internal Code Repositories Breached via Malicious VS Code Extension
Avertissement : Le contenu proposé sur Phemex News est à titre informatif uniquement. Nous ne garantissons pas la qualité, l'exactitude ou l'exhaustivité des informations provenant d'articles tiers. Ce contenu ne constitue pas un conseil financier ou d'investissement. Nous vous recommandons vivement d'effectuer vos propres recherches et de consulter un conseiller financier qualifié avant toute décision d'investissement.