GitHub confirms breach of 3,800 repos via malicious VSCode extension

gus_

so how did they exfiltrate the information without noticing? what OS was the developer using? what security measures were they using? yesterday discussion https://news.ycombinator.com/item?id=48191680

dang

Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=48201316 - May 2026 (321 comments)

2OEH8eoCRo0

So which extension? Why don't they tell us?

sunshine-o

Isn't 50k a bargain for what could potentially be in those files? Maybe they looked it up and there wasn't anything interesting but then why take the risk for this kind of money? Something doesn't make sense.

jmclnx

Another day another issue with Microsoft products, what else can be said :( At least they are being upfront these days.

1970-01-01

But, it did not go down! Progress!

tekacs

Maybe I'm missing something really obvious, but... 3,800 repos? I guess I find it kind of surprising they have that many!

codedokode

Note that VS Code is built on Electron and it is a pain to sandbox because Electron has (had?) SUID sandbox helper, and you cannot run SUID binaries in sandbox easily. Sandboxing on Linux is extremely difficult task.

josefritzishere

Is it premature to blame AI Microslop?

innoying

If you own a GitHub organization and are looking for what changes/controls you can apply to reduce the risk/impact of PAT token exfiltration (and subsequent abuse) like what occurred here, I listed a few at the end of https://blog.bored.engineer/github-canarytokens-5c9e36ad7ecf... - Enable audit log streaming[1] on your enterprise including source IPs and API requests, even if it’s just going to an S3 bucket nobody looks at it, your incident response team will thank you later. - Enforce the use of SSO on your GitHub organization[2], not just because SSO is good but because it forces an explicit authorization action[3] by users to grant an SSH key/PAT access to your organization resources, instead of granting access implicitly. That way the PAT created for someone’s weekend project won’t have access to your organization resources. - Enforce an IP allowlist[4] for your organization from a set of known trusted VPN/corporate IPs. This is by-far the strongest control (and the most painful to rollout) as it will prevent stolen credentials (even if still valid) from being used by an attacker except on the intended systems where you (hopefully) have other visibility/alerting via EDR or related tooling. - If you can, restrict access from personal access tokens[5] to your organization resources. Blocking classic PATs and enforcing a maximum expiration (ex: 3 months) on fine-grained PATs is a great way to reduce risk if you can’t eliminate PATs altogether[6]. - If you use GitHub enterprise (on-prem), configure collection of the raw HTTP access logs[7] in addition to native GitHub audit logs, it may prove critical during incident response. [1]: https://docs.github.com/en/enterprise-cloud@latest/admin/mon... [2]: https://docs.github.com/en/enterprise-cloud@latest/authentic... [3]: https://docs.github.com/en/enterprise-cloud@latest/authentic... [4]: https://docs.github.com/en/enterprise-cloud@latest/organizat... [5]: https://docs.github.com/en/enterprise-cloud@latest/organizat... [6]: https://edu.chainguard.dev/open-source/octo-sts/overview/ [7]: https://docs.github.com/en/enterprise-server@3.16/admin/moni...

fg137

The (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1][2]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to consequences like this. I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security. [0] https://github.com/microsoft/vscode/issues/52116 [1] https://news.ycombinator.com/item?id=42979994 [2] https://news.ycombinator.com/item?id=46855527

notnullorvoid

I really hope this pushes Microsoft to add a explicit permission system to VS Code extensions, and improve security of dev containers.

BrunoBernardino

Curious timing that I've started moving private repos to SourceHut a couple of weeks ago. It's pretty good and fast! I'm also mirroring public ones to Codeberg. I'll write about it when I'm done.

vldszn

friendly reminder: - disable auto-updates for extensions in VS Code/Cursor - use static analysis for GitHub Actions to catch security issues in pre-commit hook and on ci: https://github.com/zizmorcore/zizmor - set locally: pnpm config set minimum-release-age 4320 # 3 days in minutes https://pnpm.io/supply-chain-security - for other package managers check: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e... - add Socket Free Firewall when installing npm packages on CI to catch malware https://docs.socket.dev/docs/socket-firewall-free#github-act...

psadauskas

If only the company behind VSCode, the company behind NPM and the company behind GitHub could get together and figure out a solution to this.

thrawa8387336

Who uses GitHub in 2026

schpet

i'd love to be able to use fine grained tokens with gh and not expose every repo and org that i am connected to on github, but you can't see the results of a github actions check that way (no 'Checks' permission available). hoping these breaches push things in the direction of access being less annoying to manage.

cdrnsf

That's one way to make things open source.

LeoPanthera

Has there been any confirmation of this from a source other than X? It's weird that that's the only source, and therefore makes me distrust the entire story.

aizk

And now, the hackers will be able to scan the repos for more vulnerabilities. Vulnerabilities all the way down.