GitHub, a well-known developer platform owned by Microsoft, has confirmed that data was stolen from about 3,800 internal code repositories in a hacking attack, TechCrunch reported on Tuesday.
The breach began from an employee device that had a malicious Visual Studio Code extension installed, the report said.
GitHub said on social media platform X, formerly known as Twitter, that it has found no evidence that customer information stored outside internal repositories was affected. It added that its investigation is continuing.
GitHub said it detected and blocked an employee-device compromise linked to the tainted Visual Studio Code extension. It did not disclose the name of the extension.
Separately, the hacking group TeamPCP has claimed responsibility for the breach and is reported to be selling the stolen data on a cybercrime forum. GitHub did not respond to questions on whether it had contact with the hackers or received ransom demands.
TeamPCP has previously claimed responsibility for an incident involving the theft of more than 90 GB of data from cloud storage at the European Commission.
Chi-gyu Hwang
delight@d-today.co.kr