u/ITSecurityAdam

▲ 926 r/msp+1 crossposts

GitHub allegedly Breached

GitHub Official X Post

"We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity."

Dark Web Informer says "GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed

A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data.

The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.

━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━"

Edit: adding xcancel link, thanks jykke!

Update from GitHub:

1/ We are sharing additional details regarding our investigation into
unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device
involving a poisoned VS Code extension. We removed the malicious extension
version, isolated the endpoint, and began incident response immediately.

2/ Our current assessment is that the activity involved exfiltration of
GitHub-internal repositories only. The attacker's current claims of ~3,800
repositories are directionally consistent with our investigation so far.

3/ We moved quickly to reduce risk. Critical secrets were rotated yesterday and
overnight with the highest-impact credentials prioritized first.

4/ We continue to analyze logs, validate secret rotation, and monitor for any
follow-on activity. We will take additional action as the investigation warrants.

5/ We will publish a fuller report once the investigation is complete.
u/ITSecurityAdam — 2 days ago