GitHub Confirms 3,800 Private Repos Compromised via Malicious VS Code Extension
— Decrypt
GitHub confirmed unauthorized access to thousands of private repos via a malicious VS Code extension.
GitHub confirmed TeamPCP accessed 3,800 private repos through a malicious VS Code extension installed by an employee.
- TeamPCP gained access after a GitHub employee installed a harmful coding tool.
- 3,800 private repositories were exposed, highlighting a security breach.
- The incident raises concerns about software development security.
Malicious extension access increases security vulnerabilities, potentially undermining trust in software projects.