GitHub confirms breach of 3,800 repos via malicious VSCode extension

Attack vector and scope

  • Breach tied to a compromised VS Code extension, identified in the thread as “nx console,” later confirmed via GitHub’s own blog and the extension’s security advisory.
  • Malware on an employee’s device led to unauthorized access to ~3,800 internal GitHub repositories; commenters note this is likely a subset of total internal repos.

How exfiltration likely worked

  • Consensus: the extension/malware harvested local secrets (SSH keys, PATs, env vars) and exfiltrated a small encrypted payload to attacker-controlled infrastructure.
  • With valid tokens, attackers could clone any internal/private repos those credentials could access, without re-auth or 2FA, and often without triggering effective alarms.
  • Commenters stress that preventing exfiltration from an internet-connected dev machine is “virtually impossible,” and detection is hard if access looks normal.

VS Code and extension security concerns

  • Heavy criticism that VS Code has “no real security model”: extensions, front-end, and back-end share broad, unsandboxed access.
  • Several people highlight long-standing, unresolved requests for an extension permission system and sandboxing.
  • Others argue this is a general problem for any extensible editor or plugin ecosystem, not VS Code-specific.

Mitigations discussed

  • Network-level: restrict outbound connections (per-app firewalls like OpenSnitch, allowlists), monitor unusual traffic, especially to nonstandard domains.
  • Platform-level: sandbox IDEs/extensions (WASM/WASI, containers, Flatpak-like models), limit file-system visibility, block or gate network access.
  • GitHub org controls: enforce SSO, IP allowlists, PAT restrictions/expiry, audit log streaming, and collection of HTTP logs; use canary tokens and static analysis for Actions.
  • Personal practices: disable auto-updating extensions, minimize extension count, prefer “official” or self-written ones, and delay adoption of new package versions.
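
Added example (not from the thread, GitHub, or the extension's maintainers): one way to use the streamed audit log mentioned above is to flag any token that clones an unusual number of distinct repositories within a short window, since such access otherwise looks like normal use. The event field names, the threshold, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW_MS = 10 * 60 * 1000  # sliding window length (assumed: 10 minutes)
MAX_REPOS = 20              # distinct repos per token per window (assumed threshold)

def bulk_clone_alerts(events, window_ms=WINDOW_MS, max_repos=MAX_REPOS):
    """Map each token whose distinct-repo clone count exceeds max_repos in
    any window to its peak count and the source addresses it used."""
    by_token = defaultdict(list)
    for e in events:
        if e.get("action") == "git.clone":
            # Fall back to the actor when the event carries no token hash.
            key = e.get("hashed_token") or e.get("actor", "unknown")
            by_token[key].append((e["@timestamp"], e["repo"], e.get("actor_ip")))
    alerts = {}
    for token, rows in by_token.items():
        rows.sort(key=lambda r: r[0])
        start, peak, in_window = 0, 0, defaultdict(int)
        for ts, repo, _ip in rows:
            in_window[repo] += 1
            # Evict clones that have aged out of the window.
            while ts - rows[start][0] > window_ms:
                old = rows[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_repos:
            ips = sorted({ip for _, _, ip in rows if ip})
            alerts[token] = {"peak_repos": peak, "ips": ips}
    return alerts

def sample_events():
    """Constructed events: a developer, a CI job and a bulk-clone burst."""
    t0, ev = 1_700_000_000_000, []
    def add(token, repo, ip, ts):
        ev.append({"action": "git.clone", "hashed_token": token,
                   "repo": repo, "actor_ip": ip, "@timestamp": ts})
    for i in range(3):    # developer: 3 repos spread over 40 minutes
        add("tok-dev", f"org/app-{i}", "198.51.100.7", t0 + i * 20 * 60 * 1000)
    for i in range(100):  # CI: one repo cloned repeatedly, still one distinct repo
        add("tok-ci", "org/monorepo", "198.51.100.20", t0 + i * 1000)
    for i in range(40):   # burst: 40 distinct repos in about two minutes
        add("tok-burst", f"org/internal-{i}", "203.0.113.50", t0 + i * 3000)
    return ev

if __name__ == "__main__":
    print(bulk_clone_alerts(sample_events()))
```

Counting distinct repositories rather than raw clone events keeps CI jobs that re-clone one repository from drowning out the signal.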

Ransom and leak dynamics

  • Attackers reportedly offered the internal repos for a minimum of $50k.
  • Debate over whether paying ransoms ever makes sense: some argue experienced groups will honor deletion to preserve their “business model”; others insist there is no credible way to verify deletion and paying only adds risk and cost.

Broader reactions

  • Some call for moving away from VS Code and GitHub, or from Microsoft ecosystems generally.
  • Others note that large orgs will inevitably accumulate thousands of repos and that extension/package supply-chain attacks will become more common.