GitHub Confirms Breach of Internal Repositories
https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/
Publish Date: 2026-05-20 06:45:00
Source Domain: www.infosecurity-magazine.com
The Microsoft-owned software developer platform, GitHub, has confirmed a third party has gained unauthorized access to 3800 internal repositories.
The breach was detected on May 19 and likely comes from a “poisoned” Visual Studio Code (VS Code) extension found by the GitHub security team on an employee device, GitHub confirmed on social media.
VS Code is a free, open-source code editor developed by Microsoft. It is often used with GitHub Copilot, an AI coding assistant.
The breach was claimed by the TeamPCP hacking group. Posting on the Breached cybercrime forum, the group alleged they gained access to GitHub source code and “~4000 repos of private code.” TeamPCP is demanding at least $50,000 for the stolen data.
However, the threat group stated that this was “not a ransom” and that they were not interested in extorting GitHub.
They claimed that they would only sell the data to one buyer, were “not interested in under 50k” and that “the best offer will get it.” They certified they would delete the stolen data once a buyer has been found, adding that it appeared their retirement was imminent.
They also warned that if no buyer was found, they would leak the data for free.
After confirming the breach, GitHub said it has now “contained” it.
“We removed the malicious extension version, isolated the endpoint and began incident response immediately. Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first,” said GitHub.
“We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.”
The company also promised to publish a more detailed report once the investigation is complete.
TeamPCP: Cyber Extortion Via Open-Source Projects
TeamPCP is a cyber threat group that has rapidly gained notoriety for large‑scale software supply chain attacks, particularly against…