So presumably what this malicious extension did was steal the Github employee's tokens/cookies and then the attackers had access to the internal Github repos
Bad enough that the employee was able to install arbitrary executable code without review from anyone, but also why did they have access to 3,800 repos? Are they working on all of them right now? Are they pulling in code from all of them into their current projects?
People like to rail against traditional IT staffs and departments, especially the startup crowd that lives around here but there is a reason you put up controls and reviews and don't just let everyone have admin on their laptops (yes, I get that this wasn't necessarily abuse of admin on the employee's laptop)
Bad enough that the employee was able to install arbitrary executable code without review from anyone, but also why did they have access to 3,800 repos? Are they working on all of them right now? Are they pulling in code from all of them into their current projects?
People like to rail against traditional IT staffs and departments, especially the startup crowd that lives around here but there is a reason you put up controls and reviews and don't just let everyone have admin on their laptops (yes, I get that this wasn't necessarily abuse of admin on the employee's laptop)