GitHub, a popular IT project hosting service, suffered a major cyberattack, resulting in hackers penetrating the platform's internal infrastructure. According to an official statement from the development team, at least 3,800 protected source code repositories were compromised. An investigation into the security incident revealed that the large-scale leak was made possible by the carelessness of just one company employee.

The primary attack vector was a third-party extension for the popular Visual Studio Code editor, which the employee installed on his work device. The malicious plugin covertly compromised sensitive system data and leaked unique access keys directly to the hackers' servers. With these digital credentials in their possession, the cybercriminals were able to easily bypass security barriers and block or copy the contents of thousands of repositories. Currently, the service's specialists are actively working to eliminate the consequences of the hack, revoke compromised tokens, and strengthen control over the software used by staff.