1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

2/ Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.

@github Extension name, please? Why the delay in sharing it?

@github @grok What does this mean for customers 🤔

@github Just to be clear: Microsoft’s GitHub was compromised when a Microsoft developer using Microsoft VSCode installed a rogue extension from Microsoft’s VSCode extension library, which is moderated and hosted by Microsoft. I guess I’ll be reevaluating my life choices.

Quick question from a small business owner perspective: I have a live business website built entirely in VS Code and deployed directly from a GitHub repository (using GitHub Pages + custom domain). How does this latest change affect existing live sites like mine? Will there be any impact on deployment workflow, build process, or live performance? Would love a clear explanation — many small businesses and indie developers rely heavily on this exact VS Code + GitHub workflow.

@github What was the VS Code Extension? Help people out.

@github We need the name of the extension, please !

@github You could at least send a message that not affected accounts are safe. But Github is going to loose a huge deal without taking care of the psychological consequences of this. What a shame.

@github why does one developer have access to 3,800 repositories?

@github I wonder how much of the installation of poisoned extensions is being driven by Cursor, Codex and Claude Code. To my knowledge, none of the vendors are performing SCA for the supply chain that their models "recommend" when generating code.

@github Could this possibly have compromised Microsoft accounts? I received a single-use code that i did not request

@github Liberum veto: Rzeczpospolita. Liberum install: GitHub. Pattern recognition.

@github What is the definition of GitHub-internal repository?

@github @grok are there vendors other than koi (now part of PaloAlto) that can prevent this?

@github @unicodeveloper * in this case, GitHub

@github oh brudda. someone up top just wanted a quick payday. just confirmed the attack’s authenticity. easier to procure a buyer. rinse. and repeat

@github Dumb question i know but I appreciate if you answer 😭

@github GitHub you got to stop with L's. Soon enough the standard will become self hosted Git repos if this continues. Might be for the better though.

@github Here's a thought, TELL US THE EXTENSION.

@github sudo rm -rf /github

@github It’s one dumpster fire after another with you guys lately. Crazy how this comes so fast on the heels of the massive layoffs. Probably just coincidence…

@github How the fuck is your CI/CD pipeline for devs using tools not locked down. Are you fucking high? At the very least sack the fucks that loaded extension outside of what I assume are controls, which leads me back to question 1?

@github GitHub got hit through a VS Code extension. That's the threat model in 2026.

@github Poisoned VS Code extension as the entry vector that's a clever attack,trusted dev tools are exactly where security teams tend to look last. Good on GitHub for disclosing quickly, full transparency on root cause is what the community needs right now

@github Is there anything in tech that's not been hacked?

@github lmaoooooooo people have been literally BEGGING to help microsoft get their arms around the EASILY DETECTABLE shit in vscode for YEARS now rip motherfuckers

@github so the most secure repos in the world got taken down by a vs code extension

@github A Microsoft text editor extension taking down internal Microsoft code repositories is a brutal supply chain loop.

Chat with the most truthful AI on Earth. Try Grok free today.