GITHUB confirmed a data breach involving the theft of approximately 4,000 internal repositories by a threat actor known as TeamPCP. The breach was reportedly facilitated through a compromised Visual Studio Code extension. GitHub detected and isolated the issue, rotating critical credentials and initiating an investigation. TeamPCP claims it would sell the stolen data but would leak it for free if no buyer is found. Experts highlighted the vulnerabilities associated with developer tools and the trust model in software security.
GitHub Hit by Data Theft After VS Code Extension Compromise
Article by CyberSIXT