:red_exclamation_mark:GitHub被黑，目前确认至少其内部仓库代码泄露，建议赶紧把重要

星***

又是老熟人TeamPCP干的

我们正在调查未经授权访问 GitHub 内部代码库的事件。虽然目前我们没有证据表明存储在 GitHub 内部代码库之外的客户信息（例如我们客户的企业、组织和代码库）受到影响，但我们正在密切监控我们的基础设施，以防后续事件发生。

source(官方x): GitHub on X: “We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely” / X (https://x.com/github/status/2056884788179726685)
调查时间线，目前还没结果，最好的结果就是只有GitHub自己的内部仓库源码泄露（虽然也没好哪去，有源码就能更容易地挖掘出很多攻击点）
GitHub on X: “1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub’s internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,” / X (https://x.com/github/status/2056949168208552080)
保险起见还是把各种key凭据都先换了吧，尤其是比较重要的私有仓库，攻击来源是一个GitHub员工安装了恶意的VSCode扩展，导致整个内部仓库被拖