Hackers Infiltrate GitHub by Compromising Employee Device
GitHub has experienced a security breach linked to malware on an employee's device. The breach involved a compromised extension for Visual Studio Code, leading to concerns about the potential exposure of sensitive data. GitHub is actively responding to the incident and has implemented measures to secure its systems.
- ▪The breach was traced to a malicious extension for Visual Studio Code.
- ▪GitHub has over 180 million users and is taking steps to prevent further access by hackers.
- ▪The extension in question is believed to be Nx Console, which may have been installed by over 6,000 users.
Opening excerpt (first ~120 words) tap to expand
Microsoft-owned GitHub, a major platform for software developers, has suffered a breach traced to an employee device that was infected with malware. GitHub disclosed the breach on Tuesday and said it involved a "poisoned" extension for Visual Studio Code, a Microsoft code editor. "We removed the malicious extension version, isolated the endpoint, and began incident response immediately," GitHub tweeted. The incident raises fears that the hackers gained access to sensitive private software code and customer data on GitHub, which has over 180 million users. However, GitHub stressed that “our current assessment is that the activity involved exfiltration of GitHub-internal repositories only.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCMag.
Discussion
0 commentsMore from PCMag
