GitHub confirms breach of 3,800 repos via malicious VSCode extension
A breach of GitHub's own repositories through a malicious VS Code extension is a supply chain incident that applies to every developer workstation, not just GitHub's.
GitHub confirmed that roughly 3,800 internal repositories were breached after an employee installed a malicious VS Code extension; the extension has since been removed from the marketplace. The TeamPCP hacker group, previously linked to supply chain attacks on PyPI, npm and Docker, claimed responsibility and is demanding $50,000 for the stolen code. GitHub reports that no customer data was affected, but the incident underscores that developer tooling is itself a supply chain attack surface.
- Enforce strict vetting of VS Code extensions (an allowlist of reviewed extensions and versions, rather than a blocklist of known-bad ones) and deploy endpoint detection on developer workstations.
- Treat an IDE extension as code running unsandboxed with the developer's full privileges: it can read whatever the developer can, including Git credentials, SSH keys and cloud tokens, so a workstation that ran a malicious extension should be assumed to have exposed every credential stored on it.
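As an added example (not code from the article, from GitHub or from the VS Code project), the script below audits a workstation's installed extensions, as listed by `code --list-extensions --show-versions`, against an allowlist of reviewed extensions and versions. The allowlist, the trusted-publisher set and the sample listing are constructed for illustration, and the shape of the `extensions.allowed` value it emits is assumed from VS Code's documented enterprise allowlist setting.

```python
"""Audit a workstation's installed VS Code extensions against an allowlist.

Added example for this page; it is not code from GitHub, from VS Code, or
from the article's source. Input is the text produced by
`code --list-extensions --show-versions` (one `publisher.name@version` per
line). The allowlist, trusted-publisher set and sample listing below are
constructed for the example, not a real organisation's policy.
"""
import json
import re
import subprocess
from dataclasses import dataclass

# `code --list-extensions --show-versions` prints lines like
# `ms-python.python@2024.22.0`.
LINE_RE = re.compile(r"^(?P<publisher>[^.@\s]+)\.(?P<name>[^@\s]+)@(?P<version>\S+)$")

# Hypothetical policy: specific extension IDs pinned to reviewed versions,
# plus publishers trusted at any version. Allowlist, not blocklist: an
# extension that was never reviewed is flagged even if nobody has blocked it.
PINNED_EXTENSIONS = {
    "ms-python.python": {"2024.22.0"},
    "esbenp.prettier-vscode": {"10.4.0"},
}
TRUSTED_PUBLISHERS = {"ms-vscode"}

# Constructed sample listing standing in for the CLI output on one workstation.
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
ms-vscode.cpptools@1.22.11
esbenp.prettier-vscode@11.0.0
some-publisher.ai-autocomplete-pro@0.0.3
"""


@dataclass(frozen=True)
class Finding:
    extension: str
    version: str
    reason: str


def parse_listing(text):
    """Parse CLI output into (extension_id, version) pairs; reject malformed lines."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised extension line: {line!r}")
        items.append((f"{match['publisher']}.{match['name']}", match["version"]))
    return items


def audit(listing_text, pinned=PINNED_EXTENSIONS, trusted_publishers=TRUSTED_PUBLISHERS):
    """Return one Finding per installed extension that violates the policy.

    Two failure modes are distinguished: an extension that was never approved,
    and an approved extension running a version other than the reviewed one
    (auto-update can move a reviewed extension to an unreviewed build).
    """
    findings = []
    for ext_id, version in parse_listing(listing_text):
        publisher = ext_id.split(".", 1)[0]
        if ext_id in pinned:
            if version not in pinned[ext_id]:
                findings.append(Finding(ext_id, version, "approved extension at unreviewed version"))
        elif publisher not in trusted_publishers:
            findings.append(Finding(ext_id, version, "not in allowlist"))
    return findings


def allowed_setting(pinned=PINNED_EXTENSIONS, trusted_publishers=TRUSTED_PUBLISHERS):
    """Build the value for VS Code's `extensions.allowed` setting from the same policy.

    Assumption: keys are extension IDs or bare publisher names and `true` means
    permitted, as in VS Code's documented enterprise allowlist; version pinning
    is left to audit() rather than encoded here.
    """
    allowed = {ext_id: True for ext_id in sorted(pinned)}
    allowed.update({publisher: True for publisher in sorted(trusted_publishers)})
    return {"extensions.allowed": allowed}


def audit_local_workstation():
    """Run the audit against the real CLI; returns None if `code` is not on PATH."""
    try:
        out = subprocess.run(["code", "--list-extensions", "--show-versions"],
                             capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return audit(out)


if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING):
        print(f"{finding.extension}@{finding.version}: {finding.reason}")
    print(json.dumps(allowed_setting(), indent=2))
```

Because the check is an allowlist, an extension that has already been pulled from the marketplace (as in this incident) but is still installed locally is still reported, which a marketplace-side block alone would miss. The separate "unreviewed version" finding covers the case where a reviewed extension auto-updated to a build nobody looked at.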
For engineers building on cloud platforms, the incident is a reminder that a single developer endpoint, and the IDE extensions running on it with that developer's privileges, can be the entry point to internal source code, and from there to the intellectual property and CI/CD pipelines that code feeds.