GitHub confirms ‘hacking’ attack; says: We detected and contained a compromise of an employee device involving a poisoned …

GitHub has confirmed a cyberattack involving unauthorized access to some of its internal repositories after a threat actor claimed it had stolen and was attempting to sell company data online. In a series of posts shared on X (formerly Twitter), the Microsoft-owned subsidiary said it has “detected and contained a compromise of an employee device involving a poisoned VS Code extension.” Github further said the malicious extension was removed, the affected endpoint was isolated and incident response measures were launched immediately. The platform also stated that its “current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” while saying the attacker’s claims of accessing around 3,800 repositories are “directionally consistent” with the company’s investigation so far.