1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

2/ Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.

3/ We moved quickly to reduce risk. Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first.

4/ We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.

@github If it's a poisoned extension though, you'll have to do more, and likely have, or it's just a short matter of time...

The Wienie 500 is back. Tune in at 2pm ET on FOX to see who will taste victory, cook the competition, and earn the title of top dog.

@github did someone make my games better? hahah

@github 👀

@github Publishing the technical details this early is a good standard for the industry. Rotating those critical secrets overnight was the right move to limit the blast radius.

@github Bro, can you stop spamming, you might get banned

@github Please confirm if customer data, repo is impacted or not