Skip to main content
Emerging ThreatsData Breaches

GitHub Breach Exposes 3,800 Internal Repositories

Disarrayed developer workstation with scattered coding tools and crossed-out code.

"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," GitHub tweeted, framing the incident as internally focused even as the platform publicly confirmed a large theft of code.

Scope of the theft and GitHub’s assessment

Late Tuesday GitHub warned that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. In a Wednesday update the company said it doesn't believe that customer data has been affected, and called the activity an exfiltration of GitHub-internal repositories only. A claim on the BreachForums hacking site by the TeamPCP threat actor that it stole about 4,000 repositories is "directionally consistent with our investigation so far," GitHub said.

The vector: a poisoned Visual Studio Code extension

GitHub said the incident began when a single developer downloaded a poisoned VS Code extension. The platform removed the malicious extension but did not identify it publicly. One candidate named in public discussion is Nx Console: an Nx coder warned that a compromised version went live for 18 minutes before being taken down. Cybersecurity firm StepSecurity noted that "given the timing, many in the security research community believe the Nx Console compromise described in this post is a likely candidate, although this has not been confirmed by GitHub."

Attack character and a recurring supply-chain playbook

The tip line from investigators and observers points to a continued supply-chain playbook. TeamPCP specializes in supply-chain attacks against open-source software and has claimed responsibility for other incidents that used stolen credentials and malicious packages. European cyber defenders traced a March incident that resulted in 92 gigabytes of data stolen from the European Commission back to cloud credentials filched by TeamPCP in a March hack against the Trivy open-source vulnerability scanner. The group has also claimed a spate of supply-chain attacks targeting JavaScript and Python software repositories via wormable malware known as Shai-Hulud — a name that, the reporting notes, signals the group’s affinity for the "Dune" series.

Sale, attribution and the role of other criminal groups

The intrusion was first spotted by darkweb researcher Matthew Maynard, who posted late Tuesday that the incident was "one of the more significant alleged platform exposures we’ve seen in a while." On BreachForums the hackers initially said they would sell the data for a minimum of $50,000. Maynard told ISMG that TeamPCP appears to have removed the BreachForums listing and is now selling the data in cooperation with the Lapsus$ cybercrime gang. The same data is listed on the Lapsus$ data leak site for $95,000.

How technologists, open-source maintainers, and European cyber defenders are responding

  • Technologists and security teams: Practitioners are revisiting developer workstation risk and CI/CD processes. Boris Cipot, principal security engineer at Black Duck, emphasized that "developer workstations, with their access to repositories containing secrets, credentials and code, are primary hacking targets," and added that "Attackers no longer need sophisticated zero-days. They exploit trust in everyday tools." Some defenders have suggested delaying automatic merges into continuous integration pipelines to allow time to detect and remove poisoned packages, a step flagged in the reporting as carrying operational tradeoffs.
  • Open-source maintainers and extension projects: Maintainers will be watching extension distribution and the brief windows in which compromised builds can be live. The Nx coder's warning about an 18-minute window underscores how quickly a malicious package can be published and then removed, complicating incident detection and response.
  • European cyber defenders: Having traced a March loss of 92 GB from the European Commission to credentials stolen in a TeamPCP attack on Trivy, defenders on the continent are treating this incident as part of a pattern that links credential theft, supply-chain compromise and downstream data exfiltration.

A narrow exfiltration with wider implications

GitHub’s current public assessment limits the immediate technical damage to internal repositories, and the company says customer data does not appear to be affected. Yet the episode replays several unsettling dynamics: trusted developer tools can become vectors, supply-chain tactics continue to scale, and criminal groups are willing to monetize exfiltrated code quickly — moving listings between forums and competing data-leak sites at set prices. The mix of speed, trust in everyday tooling and the public marketplaces for stolen data means even an event described as an internal exfiltration can ripple outward through developer workflows, vendor trust and the open-source ecosystem.

Original reporting: GitHub Hacked, Internal Repositories Offered for Sale — GovInfoSecurity