Amazon Q Developer Extension security breach details

A significant security breach was discovered in Amazon’s AI-powered Q Developer Extension for Visual Studio Code (VSC), which has been installed nearly one million times. A hacker, using the alias ‘lkmanka58’, injected data-wiping instructions into the codebase via a pull request on Amazon Q’s GitHub repository. This unauthorized code was accepted due to misconfigured workflows or weak permission controls.

Amazon Q Developer Extension security breach detailsAmazon Q Developer Extension security breach details

On July 17, the compromised version 1.84.0 was published to the Visual Studio Code marketplace, containing a prompt that instructed users to clear their systems to a near-factory state. Although the code was formatted to be non-functional, it raised serious security concerns.

Amazon Q Developer Extension security breach detailsAmazon Q Developer Extension security breach details

After external researchers alerted Amazon on July 23, the company launched an investigation and released a clean update (version 1.85.0) on July 24, removing the rogue code and revoking compromised credentials. While AWS stated the malicious snippet couldn’t execute due to formatting issues, some argue it may have triggered without causing damage.