Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could have led to some nasty supply chain attacks.

Wiz Security examined more than 500 extensions across the VS Code and Open VSX marketplaces, provided by hundreds of publishers, and found more than 550 validated secrets.

By “secrets,” security folk typically mean things such as access and authorization tokens, credentials, API and/or encryption keys, certificates, and the like.

It identified 67 categories of secrets, but the majority could be placed into three groups: generative AI platforms, high-risk professional platforms such as AWS, GCP, Auth0, and GitHub, and databases such as MongoDB and Postgres.

More than 100 of the 550-plus secrets they found would have given attackers access to update the extension itself, and given that VS Code auto-updates extensions, the potential for a supply chain attack was dangerously high.

Wiz said that after finding the issues, particularly those which leaked personal access tokens (PATs) for updating the extension, its researchers could have deployed malware to around 150,000 users in one swoop.

Many of the affected machines were vulnerable because of theme downloads.

While many might think these would be more benign than other extensions, as they don’t introduce any code into projects, there’s nothing to prevent themes from introducing malware.

More notable cases that could have allowed attackers to push extension updates included what Wiz referred to as a “$30 billion market cap Chinese megacorp,” which published an internal extension only meant for company employees.

Ideally, companies would not publish these, but often do for convenience, Wiz said.

“Vendor-specific extensions are common, and allow for interesting targeting opportunities if compromised,” said Rami McCarthy, principal security researcher at Wiz. “For example, one at-risk extension belonged to a Russian construction technology company.”

Before publishing the research on Wednesday, Microsoft implemented secrets-scanning across Visual Studio Marketplace and now blocks extensions that leak this sensitive data.

It first announced the move in August, and it blocked leaky extensions on September 22.

Given that VS Code is by far the world’s most popular integrated developer environment, and considering the rise of AI-focused forks like Cursor and Windsurf, a huge number of devs stand to benefit from the new protections.

Developers of the affected extensions have all been contacted by Wiz and Microsoft – the former dealt with those at the highest risk while the latter cleaned up the rest.

Microsoft will also be working with extension devs to ensure sanitized versions are the only ones available to users after scanning all existing extensions for exposed secrets.

“The issue highlights the continued risks of extensions and plugins, and supply chain security in general,” said McCarthy. “It continues to validate the impression that any package repository carries a high risk of mass secrets leakage.

“It also reflects our findings that AI secrets are a large part of the modern secrets leakage landscape, and indicates the role vibe coding might play in that problem.

“Finally, our work with Microsoft highlights the role that responsible platforms can play in protecting the ecosystem. We are grateful to Microsoft for the partnership and working to protect customers together. Without their willingness to lean in here, it would have been impossible to scale disclosure and remediation.” ®