VYPR
breach · Published May 20, 2026 · 12 sources

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub is investigating a claimed breach by threat actor TeamPCP, who listed approximately 4,000 internal repositories for sale on a cybercrime forum.

GitHub on Tuesday said it is investigating unauthorized access to its internal repositories after the threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. The data on offer reportedly includes GitHub source code and details of the company's internal organizational structure. GitHub said it has found no evidence that customer data outside these internal repositories was affected, and the incident remains under active investigation.

TeamPCP, which has been active since at least early 2026, has a track record of targeting high-profile technology companies. In recent months, the group has claimed responsibility for breaching Mistral AI, OpenAI, and other software projects through a widespread supply-chain attack. The group's modus operandi typically involves stealing source code and internal documents, then attempting to extort the victim or sell the data on underground forums.

The breach of GitHub's internal repositories is particularly concerning given the company's central role in the software development ecosystem. GitHub hosts millions of repositories for both open-source and private projects, and its internal codebase contains sensitive information about the platform's own security mechanisms, authentication systems, and infrastructure. If the stolen data includes credentials or API keys, it could potentially be used to launch further attacks against GitHub's customers or the platform itself.

GitHub has not yet disclosed how the attackers gained access to its internal repositories. However, the company's statement suggests that the breach was limited to internal repositories and did not affect customer data stored in GitHub's cloud services. This distinction is important because GitHub hosts sensitive data for many organizations, including enterprises that use GitHub for version control and collaboration.

The incident highlights the ongoing threat posed by supply-chain attacks, where attackers target the development infrastructure of software companies to gain access to their customers' systems. In this case, the breach of GitHub's internal repositories could have far-reaching consequences if the stolen code is used to identify vulnerabilities in GitHub's products or to impersonate the company in future attacks.

Security experts are advising organizations that use GitHub to review their own security practices, including the use of strong authentication, access controls, and monitoring for suspicious activity. GitHub has not yet announced any specific mitigations for customers, but the company is likely to release additional details as its investigation progresses.
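In this kind of incident, "monitoring for suspicious activity" concretely means watching for one identity or token cloning far more repositories than it normally would in a short window, which is what a mass exfiltration of internal repos looks like in an audit log. The following is an added example, not code from GitHub or from any of the article's sources. It runs a sliding-window detector over constructed sample events whose field names follow the shape of GitHub audit-log git events (`action`, `actor`, `repo`, `@timestamp`, `hashed_token`) but whose values are invented; the threshold of 25 distinct repositories within 15 minutes is an assumed tuning value, not a figure from the article.

```python
"""Flag mass repository cloning by a single actor/token in audit-log events."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BASE = datetime(2026, 5, 19, 14, 0, tzinfo=timezone.utc)  # arbitrary constructed start time


def _ts(minute):
    """ISO-8601 timestamp `minute` minutes after BASE (helper for the sample data)."""
    return (BASE + timedelta(minutes=minute)).isoformat()


def build_sample_events():
    """Constructed sample audit events (not real log data).

    Field names mirror GitHub audit-log git events; all values are made up.
    """
    events = []
    # Normal activity: alice clones two repos roughly an hour apart.
    for minute, repo in ((0, "acme-internal/web"), (55, "acme-internal/api")):
        events.append({"@timestamp": _ts(minute), "action": "git.clone", "actor": "alice",
                       "repo": repo, "hashed_token": "tok_alice_laptop"})
    # Suspicious activity: bob's (stolen) token clones 40 distinct repos in ten minutes.
    for i in range(40):
        events.append({"@timestamp": _ts(120 + i // 4), "action": "git.clone", "actor": "bob",
                       "repo": f"acme-internal/svc-{i:02d}", "hashed_token": "tok_bob_stolen"})
    # A push is not a clone and must not be counted by the detector.
    events.append({"@timestamp": _ts(121), "action": "git.push", "actor": "bob",
                   "repo": "acme-internal/svc-00", "hashed_token": "tok_bob_stolen"})
    return events


def load_jsonl(lines):
    """Parse exported audit-log lines (one JSON object per line), skipping blanks."""
    return [json.loads(line) for line in lines if line.strip()]


def find_mass_clones(events, window=timedelta(minutes=15), threshold=25):
    """Return one finding per (actor, token) that cloned >= `threshold` distinct
    repositories inside any `window`-long interval.

    Grouping on the token as well as the actor separates a stolen credential
    from the user's legitimate sessions, which a per-user count would blur.
    """
    by_key = defaultdict(list)
    for event in events:
        if event.get("action") != "git.clone":
            continue
        when = datetime.fromisoformat(event["@timestamp"])
        by_key[(event["actor"], event.get("hashed_token"))].append((when, event["repo"]))

    findings = []
    for (actor, token), items in by_key.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct repos cloned in the window that opens at this event.
            repos = {repo for when, repo in items[i:] if when - start <= window}
            if len(repos) >= threshold:
                findings.append({"actor": actor, "hashed_token": token,
                                 "window_start": start.isoformat(),
                                 "distinct_repos": len(repos)})
                break  # one alert per actor/token is enough
    return findings


if __name__ == "__main__":
    for finding in find_mass_clones(build_sample_events()):
        print(json.dumps(finding))
```

To run it against a real export, replace `build_sample_events()` with `load_jsonl(open("audit.jsonl"))`; the threshold and window should be tuned to the organisation's baseline, since a mirroring job or a new-hire onboarding script can legitimately clone many repositories at once.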

The TeamPCP breach is the latest in a series of high-profile attacks targeting the software supply chain. In recent months, similar incidents have affected companies like Grafana Labs, which confirmed that attackers stole proprietary source code from its GitHub repositories after compromising a token. The growing frequency of these attacks underscores the need for organizations to adopt a zero-trust approach to their development environments, where no user or system is trusted by default.

Update: GitHub has since confirmed the breach. In a series of posts on X on May 20, the company said that an employee device was compromised through a poisoned third-party Visual Studio Code extension that exfiltrated credentials and access tokens, that those credentials were used to reach internal repositories, and that TeamPCP's figure of approximately 3,800 stolen repositories is "directionally consistent" with its own findings. GitHub characterised the incident as the compromise of one endpoint rather than of the platform itself, and said only internal repositories were exfiltrated.

According to the company, critical credentials were rotated the same day the intrusion was detected, exposed tokens were revoked, and it is still analysing logs and monitoring for follow-on activity. It found no evidence of impact to customer repositories or enterprise data, although some of the affected internal repositories contain excerpts of support interactions. GitHub has not named the extension and has not publicly attributed the activity to a group; one report adds that the company is auditing the extension marketplace. A fuller report is promised once the investigation is complete.

TeamPCP, which has been linked to the Shai-Hulud worm, has posted the stolen data for sale on a cybercrime forum and is threatening to leak it for free if no buyer is found. Reported asking prices differ: one account puts the minimum at $50,000, while another says the group is cooperating with Lapsus$ to sell the data for $95,000.

The disclosure follows a recent remote code execution vulnerability in GitHub.com and GitHub Enterprise Server reported by Wiz Research, and comes amid broader concern about GitHub's ability to prevent supply-chain attacks. Security experts noted that VS Code extensions run with full trust, giving them the same access as the developer to the local filesystem, stored credentials, and cloud keys, and described this as a fundamentally broken trust model in developer tooling.
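The full-trust point above is easy to underestimate until you list what an extension process running as the developer can actually read. The following is an added example, not code from GitHub, from VS Code, or from any of the article's sources. It does two things on a constructed home directory: it enumerates common credential files that any extension could read, and it audits the extension manifests under the default `~/.vscode/extensions` location against an allowlist, flagging manifests that are not on the list, that activate on every launch (`activationEvents` containing `*`), or that declare a `postinstall` script. The allowlist contents, the typosquatted extension id and the file contents are all assumptions made for the example.

```python
"""Enumerate credential material exposed to a full-trust IDE extension and audit
installed VS Code extensions against an allowlist."""
import json
import tempfile
from pathlib import Path

# Common credential files under a developer's home directory. Any process running
# as that user, including an IDE extension, can read them. (Assumed typical paths.)
CREDENTIAL_FILES = [
    ".ssh/id_ed25519", ".ssh/id_rsa", ".aws/credentials", ".config/gh/hosts.yml",
    ".npmrc", ".git-credentials", ".netrc", ".docker/config.json", ".kube/config",
]

# Assumed organisational allowlist of extension ids (publisher.name, lower-case).
ALLOWLIST = {"ms-python.python", "github.vscode-pull-request-github"}


def exposed_credentials(home: Path):
    """Return the credential files that exist under `home`."""
    return [rel for rel in CREDENTIAL_FILES if (home / rel).is_file()]


def audit_extensions(ext_dir: Path, allowlist):
    """Flag extension manifests that are off-allowlist or unusually privileged."""
    findings = []
    for manifest in sorted(ext_dir.glob("*/package.json")):
        meta = json.loads(manifest.read_text())
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
        reasons = []
        if ext_id not in allowlist:
            reasons.append("not on allowlist")
        if "*" in meta.get("activationEvents", []):
            reasons.append("activates on every launch")  # runs before any file is opened
        if "postinstall" in meta.get("scripts", {}):
            reasons.append("has postinstall script")  # code runs at install time
        if reasons:
            findings.append({"id": ext_id, "dir": manifest.parent.name, "reasons": reasons})
    return findings


def build_fixture():
    """Create a constructed home directory (sample data, not a real profile)."""
    home = Path(tempfile.mkdtemp(prefix="ext-audit-"))
    for rel, body in ((".ssh/id_ed25519", "-----BEGIN OPENSSH PRIVATE KEY----- sample\n"),
                      (".aws/credentials", "[default]\naws_access_key_id = EXAMPLE\n"),
                      (".config/gh/hosts.yml", "github.com:\n  oauth_token: gho_example\n")):
        (home / rel).parent.mkdir(parents=True, exist_ok=True)
        (home / rel).write_text(body)
    ext_dir = home / ".vscode" / "extensions"
    manifests = {
        # Legitimate, allowlisted extension that only activates for Python files.
        "ms-python.python-2024.22.0": {"publisher": "ms-python", "name": "python",
                                       "activationEvents": ["onLanguage:python"]},
        # Hypothetical typosquat: off-allowlist, activates at startup, runs a postinstall.
        "evil-pub.pyhton-helper-1.0.0": {"publisher": "evil-pub", "name": "pyhton-helper",
                                         "activationEvents": ["*"],
                                         "scripts": {"postinstall": "node setup.js"}},
    }
    for dirname, meta in manifests.items():
        (ext_dir / dirname).mkdir(parents=True)
        (ext_dir / dirname / "package.json").write_text(json.dumps(meta))
    return home


if __name__ == "__main__":
    home = build_fixture()
    print("readable credential files:", exposed_credentials(home))
    for finding in audit_extensions(home / ".vscode" / "extensions", ALLOWLIST):
        print(json.dumps(finding))
```

To audit a real workstation, call `exposed_credentials(Path.home())` and `audit_extensions(Path.home() / ".vscode" / "extensions", ALLOWLIST)`. The allowlist check is the one that matters: activation events and install scripts are only weak signals, since many legitimate extensions use them, whereas an unknown publisher id on a developer machine with cloud keys on disk is exactly the condition this incident describes.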

Synthesized by Vypr AI