GitHub internal repos breached

GitHub confirms internal repositories were accessed via a compromised VS Code extension, with no evidence of customer data being affected.

[Image: abstract representation of code and network connections, symbolizing cybersecurity. Caption: GitHub investigates a security breach affecting internal repositories. Credit: GitHub Blog]

GitHub is investigating an unauthorized access incident that compromised its internal repositories. The breach, detected on May 18th, originated from a poisoned VS Code extension published by a third party.

Visual TL;DR. VS Code Extension Compromised led to GitHub Internal Repos Accessed. GitHub Internal Repos Accessed prompted Malicious Version Removed. GitHub Internal Repos Accessed prompted Employee Device Isolated. GitHub Internal Repos Accessed involved Internal Repos Exfiltrated. Internal Repos Exfiltrated but No Customer Data Impact. Internal Repos Exfiltrated included Customer Support Excerpts. Customer Support Excerpts may trigger Customer Notification Pending.


  1. VS Code Extension Compromised: third-party VS Code extension published with malicious code
  2. GitHub Internal Repos Accessed: unauthorized access to GitHub's internal repositories detected
  3. Malicious Version Removed: malicious extension version was immediately removed from marketplace
  4. Employee Device Isolated: affected employee device was isolated to prevent further spread
  5. No Customer Data Impact: no evidence of customer data being affected outside internal systems
  6. Internal Repos Exfiltrated: activity involved exfiltration of GitHub-internal repositories only
  7. Customer Support Excerpts: some internal repos contained excerpts of customer support interactions
  8. Customer Notification Pending: customers will be notified if any impact is discovered

According to a blog post from the company, the malicious extension version was removed, and the affected employee device was isolated immediately. GitHub's current assessment indicates that the activity involved the exfiltration of GitHub-internal repositories only.
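For teams that want to check their own developer workstations for a flagged extension version, the following is an added example, not code from GitHub or from the original article. The article does not name the extension, so the identifier and version in `FLAGGED` are constructed placeholders, and the sample extension folders are constructed as well.

```python
import json
from pathlib import Path

# Constructed placeholder denylist of (publisher.name, version); replace with
# the identifier and version from the vendor advisory once it is published.
FLAGGED = {("example-publisher.example-extension", "1.2.3")}

def installed_extensions(ext_dir):
    """Yield (extension_id, version) per folder; version is None if unreadable."""
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            # Extension IDs are compared case-insensitively.
            yield f"{meta['publisher']}.{meta['name']}".lower(), str(meta["version"])
        except (OSError, ValueError, KeyError, TypeError):
            yield manifest.parent.name.lower(), None

def audit(ext_dir, flagged=FLAGGED):
    """Return findings for one extensions directory (usually ~/.vscode/extensions)."""
    flagged_ids = {ext_id for ext_id, _ in flagged}
    findings = []
    for ext_id, version in installed_extensions(ext_dir):
        if version is None:
            findings.append(("unreadable-manifest", ext_id, None))
        elif (ext_id, version) in flagged:
            findings.append(("flagged-version", ext_id, version))
        elif ext_id in flagged_ids:
            findings.append(("same-extension-other-version", ext_id, version))
    return findings

def make_sample(root):
    """Write three constructed extension folders for the demo."""
    samples = {
        "example-publisher.example-extension-1.2.3":
            '{"publisher": "Example-Publisher", "name": "example-extension", "version": "1.2.3"}',
        "other.tool-0.9.0": '{"publisher": "other", "name": "tool", "version": "0.9.0"}',
        "broken.ext-0.0.1": "{not json",
    }
    for folder, manifest in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "package.json").write_text(manifest, encoding="utf-8")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        for finding in audit(d):
            print(finding)
```

A `flagged-version` hit is a reason to isolate the host and rotate any credentials reachable from it; an `unreadable-manifest` finding needs manual review rather than being treated as clean.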

The attacker's claims of compromising around 3,800 repositories align with GitHub's ongoing investigation. Crucially, the company states there is no evidence of impact to customer information stored outside of GitHub's internal systems, such as customer enterprises, organizations, and repositories. However, some internal repositories did contain excerpts of customer support interactions.

GitHub has confirmed that customers will be notified via established channels if any impact is discovered.

Rapid Response

In response to the incident, GitHub rotated critical secrets on Monday and Tuesday, prioritizing the highest-impact credentials first. The company is continuing to analyze logs, validate secret rotation, and monitor its infrastructure for any follow-on activity.

A fuller report will be published once the investigation is complete.

© 2026 StartupHub.ai. All rights reserved.