Mars Finance reports that GitHub has updated the details of its investigation into the unauthorized access to its internal repositories. GitHub detected and contained an incident yesterday in which an employee's device was compromised, involving a VS Code extension implanted with malware. GitHub removed the malicious extension, isolated the affected endpoints, and immediately initiated incident response. Current assessments indicate that data leakage was limited to GitHub's internal repositories, and the attacker's claim of approximately 3,800 repositories is roughly consistent with the investigation findings. GitHub has prioritized rotating critical credentials and is analyzing logs, verifying the credential rotation, and monitoring for subsequent activity. A full report will be released once the investigation is complete.

Furthermore, 23pds, Chief Information Security Officer of SlowMist, commented on the incident, stating: "Through analysis of leaks from cybercrime forums, it is possible that hackers used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal approximately 4,000 core internal repositories. These repositories contained the source code for Copilot, the algorithm for CodeQL, the runtime of Actions, and information about the entire billing system. Further analysis of this code could lead to further attacks, potentially having a profound security impact on the integration of the open-source community."
GitHub updates security incident investigation: an employee's device was compromised in an incident involving a malicious VS Code extension.




