Reports Claim Hackers Stole Thousands of GitHub Private Repositories
Some of my readers, especially longtime ones, may remember that I have warned multiple times about being careful which extensions you choose to install in your web browser. Installing the wrong one, especially one that contains malicious code, can compromise your computer’s security.
This time, it is a lesson on being careful which extension you install in Visual Studio Code (a.k.a. VS Code). In a nutshell, an employee at GitHub installed (or at least updated) an extension that had been contaminated with malware code. The extension then proceeded to steal the employee’s credentials and gain access to tons of GitHub’s own private repositories.
The report claimed the malware stole:
- AWS keys
- Database passwords
- Kubernetes tokens
- SSH credentials
I would venture a guess that other IP (intellectual property) was stolen too.
Additionally, even Bitwarden’s official CLI package published on npm had been compromised by this hacker group.
I will let you read the full report from X below.
🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART..
— Evan Luthra (@EvanLuthra) May 20, 2026
They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers… https://t.co/EeTA6VBErl pic.twitter.com/cVOMuc83Rd
Posted in Cloud, Computers, General, Internet and Servers, Operating Systems, Security, Software