GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft's Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and authorship platform. The threat group TeamPCP, formally tracked by Google Threat Intelligence Group as UNC6780, claimed responsibility and is advertising the stolen repositories for sale starting at $50,000. GitHub’s assessment: the attacker’s claim is …

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

It is an unsettling irony when the world’s largest code-hosting platform becomes the victim of its own ecosystem. GitHub confirmed on Tuesday that a threat actor exfiltrated approximately 3,800 internal repositories after compromising an employee’s device through a poisoned Visual Studio Code extension, marking one of the most significant breaches the Microsoft-owned company has ever […] This story continues at The Next Web

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

Compromised coding tool helped hackers breach thousands of GitHub repositories

The attack is the latest example of hackers’ intense focus on open-source packages.

GitHub probes alleged breach of 4,000 internal repositories

GitHub is investigating a security breach after the cybercrime group TeamPCP claimed to have accessed approximately 4,000 private repositories containing the platform's internal source...