GitHub Breach: 4K Repositories Compromised via Token Mismanagement
GitHub confirmed a data breach involving the theft of 4,000 internal repositories due to a compromised employee device and a missed GitHub workflow token rotation. The breach was linked to a malicious Visual Studio Code extension. Security teams should immediately review access controls and token management practices to prevent similar incidents. The incident underscores the critical need for robust token rotation policies and employee device security measures.