GitHub Breach: The Goal isn’t Zero Risk. It’s an Empty Harvest.

Last week, Microsoft-owned GitHub confirmed that attackers exfiltrated data from internal repositories after a poisoned Visual Studio Code extension compromised an employee’s device, linked to the hacking group TeamPCP.

In response to the ongoing series of software supply chain attacks, Acora’s CISO, Darren Humphries, shares his latest assessment on the breach and key takeaways organisations using GitHub could improve on.

The real story isn’t the attack; it’s what made it easy

The headline figure is real: 5,718 commits to 5,561 repositories in six hours, two payload variants, competent operational tradecraft. That’s not in dispute.

What the headline doesn’t say is why the attack was worth running. Megalodon simply took advantage of things that were already left exposed, like long‑lasting access credentials, overly broad permissions, and sensitive keys sitting in the pipeline. It didn’t need sophisticated tricks. The real issue is that these risks were unintentionally built in: credentials were stored there, given wider access than needed, and left active for too long.

Six things any organisation using GitHub Actions can do better

The fix isn’t a new product. It’s a set of architectural choices that, taken together, leave the harvester with nothing useful to take.

1. The architect sneaks out of the code path. Use Code holds references, never values. Credential material lives in a managed vault.
2. Block secrets at the commit gate. Using gitignore shipping with every repo template, none of these is new and novel methods, and all of them are freely available to use.
3. Using CI/CD cloud authentication to OIDC federation. GitHub Actions requests short-lived, role-scoped tokens from Key Vaults at the moment the workflow runs. The stored access keys and the artefacts Megalodon harvested should never have existed.
4. Scope secrets per-repository, not organisation-wide. Each repository’s compromise should expose only its own credentials. A flat organisation-wide secrets pool is a force multiplier for an attacker who lands anywhere in the estate.
5. Replace classic PATs with fine-grained, short-expiry tokens. Repository-scoped, permission-scoped, 90-day maximum, IP-restricted to known CI runner ranges where possible. Megalodon’s initial access vector was stolen PATs and deploy keys; a smaller blast radius and faster expiry are the answers.
6. Restrict GITHUB_TOKEN workflow permissions to contents: read by default. A malicious workflow that lands in a repository shouldn’t be able to use the runner’s own token to push further malicious commits or modify other workflows.

The cadence is the part worth paying attention to. Mini Shai-Hulud landed on 11 May. Megalodon on 18 May. A week between supply-chain compromises of this scale is not a coincidence; it’s the new operating tempo. The annual security review stopped being a meaningful response window some time ago. The goal isn’t zero risk. It’s an empty harvest.