Security firm GitHub has confirmed that hackers stole data from around 3,800 internal code repositories. The breach was detected after a poisoned VS Code extension was used to compromise an employee device.

Hackers are increasingly targeting popular open-source projects, including coding extensions, as these can provide access to vast numbers of computers at once. This strategy amplifies the reach and potential impact of their attacks.

The suspected hacking group, TeamPCP, has claimed responsibility for this breach, selling the data on a cybercrime forum. Previously, they targeted the European Commission, stealing over 90 gigabytes of data from its cloud storage.

In a similar but separate incident, hackers infiltrated Tanstack, a platform used by web developers, to steal passwords and tokens. This highlights the ongoing threat posed by sophisticated attacks on both large organisations and smaller tools.