
GitHub says there is currently no evidence that customer repositories or external enterprise data have been compromised.
Earlier today, hackers gained access to internal GitHub repositories by exploiting an employee’s computer using an infected VS Code extension.
Following the incident, reports have emerged that a threat actor using the alias TeamPCP is now allegedly selling what they claim are approximately 4,000 private GitHub repositories on a cybercrime forum, with a minimum asking price of $50,000.
What GitHub says happened
GitHub confirmed the breach through several posts on its X account, where it detailed what it had learned so far. According to the hosting platform, the attacker gained access to its internal repositories via a malicious VS Code extension loaded on one of its employees’ machines.
GitHub claims that as soon as it realized there was an attack, it immediately removed the malware from the infected device. Importantly, it noted that there is currently no evidence that customer data residing outside its internal systems has been accessed, meaning the repositories of organizations or individual users.
The hosting service also confirmed that it moved quickly to rotate credentials, moving the highest-impact secrets first. Records will also be examined to see if there is any additional activity, and more details on this matter will be provided after the investigation is completed.
Meanwhile, French researcher Sebastien Latombe flagged a criminal message board listing by a threat actor calling itself “TeamPCP”, which claims to be the party behind the hack. The listing contains references to repositories related to GitHub Actions, GitHub Enterprise, GitHub Copilot, Azure, CodeQL, and billing and authentication services.
They are allegedly not looking to ransom GitHub but want a single buyer for the stolen data, with a minimum asking price of $50,000.
However, it should be noted that neither GitHub nor Microsoft has officially confirmed the content of the forum listing, and any claims made on these cybercrime sites should be treated with caution, as such statements may be outdated or exaggerated to inflate the perceived value of the data.
Security concerns have spread across cryptocurrencies
Online reaction to the hack was swift, with Binance co-founder Changpeng Zhao (CZ) sending a direct message to crypto developers:
“If you have API keys in your code, even if they are private repos, now is a good time to double check them and change them.”
The responses painted a familiar picture of an industry-wide problem. Topaz Dex founder Aaron Shams admitted, “It’s bad practice to have API keys in any repo, whether private or not,” though he cautioned.
Others pointed out that for contractors managing hundreds of keys across projects, this is not a simple fix.
“This whole practice of storing keys needs to be updated,” digital artist Tutheth_ wrote.
Security commentator Dhanush Nehru went further:
“No one knows what all the permissions each VS Code extension has. The cybersecurity threat landscape is scary.”
The timing of this incident also added to pre-existing concerns about cryptocurrency security following several high-profile hacks this month, which included an attack on the Echo Protocol, where hackers were able to mint $76.7 million worth of eBTC.
That incident came just days after two other attacks worth millions of dollars took place on THORChain and the Verus-Ethereum Bridge.
This series of events has led to renewed discussions on code verification and vulnerabilities in the software supply chain. Vitalik Buterin said that, with the help of AI, formal verification can make programs more secure by mathematically proving their behavior.





