{"id":254934,"date":"2026-05-20T06:45:00","date_gmt":"2026-05-20T10:45:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/github-confirms-breach-of-internal-repositories\/"},"modified":"2026-05-25T10:45:21","modified_gmt":"2026-05-25T14:45:21","slug":"github-confirms-breach-of-internal-repositories","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/github-confirms-breach-of-internal-repositories\/","title":{"rendered":"GitHub Confirms Breach of Internal Repositories"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/github-confirms-breach-vs-code\/\">GitHub Confirms Breach of Internal Repositories<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/github-confirms-breach-vs-code\/\">https:\/\/www.infosecurity-magazine.com\/news\/github-confirms-breach-vs-code\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 06:45:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories.<\/p>\n<p>The breach was detected on May 19 and likely comes from a \u201cpoisoned\u201d Visual Studio Code (VS Code) extension found by the GitHub security team on an employee device, GitHub confirmed on social media.<\/p>\n<p>VS Code is a free, open-source code editor developed by Microsoft. It is often used with GitHub Copilot, an AI coding assistant.<\/p>\n<p>The breach was claimed by the TeamPCP hacking group. Posting on the Breached cybercrime forum, the group alleged they gained access to GitHub source code and &#8220;~4000 repos of private code&#8221; on the Breached cybercrime forum. TeamPCP is demanding at least $50,000 for the stolen data.<\/p>\n<p>However, the threat group stated that this was \u201cnot a ransom\u201d and that they were not interested in extorting GitHub.<\/p>\n<p>They claimed that they would only sell the data to one buyer, were &#8220;not interested in under 50k&#8221; and that &#8220;the best offer will get it.&#8221; They certified they would delete the stolen data once a buyer has been found, adding that it appeared their retirement was imminent.<\/p>\n<p>They also warned that if no buyer was found, they would leak the data for free.<\/p>\n<p>After confirming the breach, Github said it has now \u201ccontained\u201d it.<\/p>\n<p>\u201cWe removed the malicious extension version, isolated the endpoint and began incident response immediately. Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first,\u201d said GitHub.<\/p>\n<p>\u201cWe continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.\u201d<\/p>\n<p>The company also promised to publish a more detailed report once the investigation is complete.<\/p>\n<h2><strong>TeamPCP: Cyber Extortion Via Open-Source Projects<\/strong><\/h2>\n<p>TeamPCP is a cyber threat group that has rapidly gained notoriety for large\u2011scale software supply chain attacks, particularly against&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/github-confirms-breach-vs-code\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub Confirms Breach of Internal Repositories https:\/\/www.infosecurity-magazine.com\/news\/github-confirms-breach-vs-code\/ Publish Date: 2026-05-20 06:45:00 Source Domain: www.infosecurity-magazine.com The&#8230;<\/p>\n","protected":false},"author":1,"featured_media":254936,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/3ffe395f-eaa6-4d96-a4fc-71bdaa24d37f.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30],"class_list":["post-254934","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254934"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=254934"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254934\/revisions"}],"predecessor-version":[{"id":254937,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254934\/revisions\/254937"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/254936"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=254934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=254934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=254934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}