GitHub confirms 3,800 internal repos stolen after an employee mistakenly installed a malicious VS Code extension
動區 BlockTempo, 2026-05-21 01:10:50

GitHub confirmed: an employee installed a compromised VS Code extension, leading to the theft of approximately 3,800 internal private repositories. GitHub stated that it has isolated the endpoint and removed the extension, with no current signs of customer data being affected.
GitHub's official account has issued a statement formally confirming an internal system breach originating from a malicious VS Code extension: attackers stole approximately 3,800 internal GitHub private repositories, consistent with the scale claimed by the hacker group TeamPCP.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,… — GitHub (@github) May 20, 2026
In an X post, GitHub stated: "Yesterday (May 19), we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We have removed the malicious extension version, isolated the endpoint, and immediately initiated incident response procedures." "Current assessments indicate that this activity involved a data breach of GitHub's internal repositories. The approximately 3,800 repositories currently claimed by the attacker are consistent with our findings to date."
GitHub also emphasized that there is currently no indication that customer data has been affected, and the scope of the impact is limited to the code stored in these internal repos.
On May 19, the same day GitHub detected the breach, the hacker group TeamPCP posted on the underground forum Breached, claiming to have stolen GitHub source code and "approximately 4,000 private repositories," and demanding a minimum bid of $50,000. In the Breached forum post, TeamPCP claimed: "As usual, this is not extortion. We don't care about blackmailing GitHub. Find a buyer, and we will delete the data; it looks like retirement time is near. If no buyer is found, we will leak it for free."
TeamPCP is not a novice group. The organization has previously launched supply chain attacks against GitHub, PyPI, NPM, and Docker; the "Mini Shai-Hulud" supply chain campaign earlier this year even affected two OpenAI employees.
The VS Code Marketplace has its own history of malicious extensions. Last year, an extension with 9 million cumulative installs was taken down; another 10 extensions disguised as development tools were found to have embedded XMRig miners; and the threat actor WhiteCobra distributed 24 extensions specifically designed to steal cryptocurrency assets. In January 2026, two extensions disguised as AI programming assistants reached 1.5 million cumulative installs and were later confirmed to be continuously exfiltrating data to servers in China.
This incident once again confirms that the development environment itself is becoming a primary entry point for supply chain attacks, and that the review mechanism of the VS Code Marketplace is clearly unable to intercept all malicious uploads in real time.
GitHub currently serves over 180 million developers and hosts over 420 million repositories, with users covering more than 90% of the Fortune 100 companies globally. Although the confirmed breach involves "GitHub internal repos" and does not directly equate to the leakage of user code, GitHub's refusal to disclose the exact name of the malicious extension leaves developers who may have installed suspicious VS Code extensions unable to verify their own security.
As the investigation continues, GitHub has yet to explain the specific circumstances under which the affected employee installed the extension, or whether more technical details will be released in the future.