GitHub updates security incident investigation: An employee's device was compromised, involving a compromised VS Code extension.

CoinFeed reported on May 20th that GitHub released an update on the investigation details regarding the unauthorized access incident to internal repositories: GitHub detected and controlled an incident yesterday in which an employee's device was compromised, involving a VS Code extension that had been implanted with malware. GitHub removed the malicious extension, isolated the affected endpoints, and immediately initiated an incident response. Current assessments indicate that data was leaked only from internal GitHub repositories, and the number of repositories claimed by the attackers (approximately 3,800) is roughly consistent with the investigation findings. GitHub has prioritized rotating critical credentials and is currently analyzing logs, verifying the credential rotation, and monitoring subsequent activities. A full report will be released upon completion of the investigation.