GitHub has confirmed a supply chain attack that resulted in the compromise of approximately 3,800 of the company’s internal repositories. The initial access vector was a malicious Visual Studio Code extension installed on an employee’s workstation. According to the company’s official statement, there is currently no evidence of user data compromise beyond the affected repositories. However, the incident raises serious questions about the security of the extension ecosystems for code editors that millions of developers worldwide use every day.
Timeline and attack mechanism
The attack began when a malicious extension from the VS Code marketplace was installed on a GitHub developer’s device. The company has not disclosed the name of the extension, but the extension is known to have since been removed from the marketplace. The compromised device was isolated as part of the incident response process.
The key technical aspect of this attack is the privilege level granted to VS Code extensions. As researchers at Aikido point out, extensions get virtually full access to data on a developer’s machine, including:
- SSH keys and access tokens for cloud services
- Credentials for version control systems
- Environment variables and configuration files
- Other secrets stored locally
This broad access is precisely what allowed the attackers, via a single compromised workstation, to reach roughly 3,800 internal GitHub repositories. The company has confirmed that this number “generally aligns” with the results of its internal investigation.
Attacker activity and data sale claims
According to BleepingComputer, posts appeared on the Breached forum claiming the theft of GitHub source code and around 4,000 private repositories. The attackers allegedly put the data up for sale with a minimum price of $50,000 in cryptocurrency, threatening to publish the dump for free if no buyer emerged. It should be emphasized that these claims come directly from the alleged attackers and have not been independently confirmed.
Threat context
Developer workstations, according to Aikido’s researchers, have become one of the top-priority targets for supply chain attacks. This is understandable: these machines concentrate the keys to infrastructure, repositories, cloud environments, and deployment systems. Compromising a single developer with sufficient privileges can open access to a significant portion of an organization’s internal infrastructure — which is exactly what happened in this case.
Reportedly, attacks using the Shai-Hulud worm, believed to be associated with the same group, previously affected OpenAI employees, although this information is based on a research blog and requires further confirmation.
GitHub’s response measures
GitHub has reported the following actions to contain the incident:
- Removal of the malicious extension from the VS Code marketplace
- Isolation of the compromised developer workstation
- Rotation of critical secrets and credentials, starting with the highest-priority ones
- Conducting an internal investigation to determine the full scope of the compromise
The company states that the attackers’ access was limited to internal repositories and did not affect user data stored outside them. However, this assessment reflects the current status of the investigation and may change if new evidence is discovered.
Recommendations for organizations
This incident demonstrates a concrete and reproducible attack vector that organizations must protect against:
- Audit VS Code extensions: inventory installed extensions on developer workstations. Implement an allowlist policy for permitted extensions via organization settings.
- Limit privileges: minimize the set of secrets available on workstations. Use short-lived tokens instead of long-lived access keys.
- Secret rotation: if your projects depend on internal GitHub packages or repositories, perform a preventive rotation of access tokens and SSH keys.
- Access segmentation: ensure that compromising a single workstation does not grant access to thousands of repositories. Apply the principle of least privilege to developer accounts.
- Monitoring: configure alerts for unusual repository access patterns — mass cloning, access from atypical locations, or use of previously inactive tokens.
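The monitoring recommendation above can be reduced to a few concrete rules over repository-access audit events. The script below is an added example written for this article, not code from GitHub or from the Aikido researchers; it runs over a small set of constructed events with a simplified schema (timestamp, actor, token id, repository, source country), which is an assumption and not GitHub’s actual audit log format. It flags three of the patterns named in the text: a token reused after a long idle period, access from a country outside the actor’s baseline, and mass cloning of distinct repositories within a short window. The thresholds (five repositories in ten minutes, thirty idle days) are illustrative assumptions to be tuned per organization.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real GitHub audit log data). Fields:
# (ISO timestamp, actor, token id, repository, country of source IP).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "dev-a", "tok-1", "org/repo-1", "DE"),
    ("2024-01-11T10:15:00", "dev-a", "tok-1", "org/repo-2", "DE"),
    ("2024-01-12T11:30:00", "dev-b", "tok-2", "org/repo-3", "US"),
    ("2024-02-05T08:00:00", "dev-b", "tok-2", "org/repo-3", "US"),
    ("2024-02-28T08:00:00", "dev-b", "tok-2", "org/repo-3", "US"),
    # Constructed burst: dev-a's long-idle token reappears from a new country
    # and clones five distinct repositories within a minute.
    ("2024-03-20T02:00:00", "dev-a", "tok-1", "org/repo-1", "BR"),
    ("2024-03-20T02:00:10", "dev-a", "tok-1", "org/repo-2", "BR"),
    ("2024-03-20T02:00:20", "dev-a", "tok-1", "org/repo-5", "BR"),
    ("2024-03-20T02:00:30", "dev-a", "tok-1", "org/repo-6", "BR"),
    ("2024-03-20T02:00:40", "dev-a", "tok-1", "org/repo-7", "BR"),
    ("2024-03-20T09:00:00", "dev-b", "tok-2", "org/repo-3", "US"),
]

# Events before this date build each actor's "normal location" baseline (assumed cutoff).
BASELINE_END = datetime(2024, 3, 1)


def parse(ts):
    return datetime.fromisoformat(ts)


def detect(events, clone_threshold=5, window=timedelta(minutes=10), inactive_days=30):
    """Return a list of (timestamp, actor, rule, detail) alerts in event order."""
    events = sorted(events, key=lambda e: e[0])
    alerts = []

    # Per-actor baseline of countries seen during the baseline period.
    baseline = defaultdict(set)
    for ts, actor, _, _, country in events:
        if parse(ts) < BASELINE_END:
            baseline[actor].add(country)

    last_token_use = {}                 # token -> datetime of its previous use
    flagged_locations = set()           # (actor, country) pairs already alerted on
    recent = defaultdict(deque)         # actor -> deque of (datetime, repo) inside the window
    above = defaultdict(bool)           # actor -> already above the clone threshold

    for ts, actor, token, repo, country in events:
        t = parse(ts)

        # Rule 1: a token that has been idle for a long time suddenly used again.
        prev = last_token_use.get(token)
        if prev is not None and t - prev >= timedelta(days=inactive_days):
            alerts.append((ts, actor, "inactive-token-reuse",
                           f"{token} idle {(t - prev).days} days"))
        last_token_use[token] = t

        # Rule 2: access from a country outside the actor's baseline (alert once per pair).
        if (t >= BASELINE_END and baseline.get(actor)
                and country not in baseline[actor]
                and (actor, country) not in flagged_locations):
            flagged_locations.add((actor, country))
            alerts.append((ts, actor, "atypical-location",
                           f"{country} not in {sorted(baseline[actor])}"))

        # Rule 3: mass cloning - distinct repositories per actor in a sliding window.
        q = recent[actor]
        q.append((t, repo))
        while q and t - q[0][0] > window:
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= clone_threshold and not above[actor]:
            alerts.append((ts, actor, "mass-clone",
                           f"{distinct} repos within {window}"))
        above[actor] = distinct >= clone_threshold

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```

On the constructed data the script produces three alerts, all for the same actor and all within the same minute: the idle token reuse, the new source country, and the burst of clones. That co-occurrence is the signal worth paging on; any one rule alone will also fire on legitimate activity (a developer returning from leave, a new office), so the rules are meant to be correlated rather than treated as individually conclusive.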
The GitHub incident is a practical demonstration that the extension ecosystem for code editors is a fully fledged supply chain attack vector. Organizations using VS Code in a corporate environment should immediately audit installed extensions, enforce controlled installation policies, and reassess the volume of secrets accessible on developer workstations — it was precisely excessive access from a single device that turned an isolated compromise into an incident affecting 3,800 repositories.