
GitHub Investigates Alleged Security Breach of Internal Repositories

Bottom line: GitHub confirms a security breach of approximately 3,800 internal repositories after an employee installed a malicious VS Code extension. Hacker group TeamPCP demands $50,000 for access to around 4,000 private code repositories and threatens free disclosure.

GitHub has confirmed a security breach affecting approximately 3,800 internal repositories after an employee installed a malicious Visual Studio Code extension. The hacker group TeamPCP claimed access to around 4,000 repositories with private code and demanded at least $50,000.

GitHub is conducting an investigation into a security breach in its internal repositories after hacker group TeamPCP claimed to have accessed approximately 4,000 repositories containing private code. The cloud-based development platform is used by more than four million organizations, including 90 percent of Fortune 100 companies, as well as over 180 million developers contributing to more than 420 million code repositories.

GitHub told BleepingComputer that it currently has no evidence of impact on customer data outside of the internal repositories. The company is closely monitoring its infrastructure for follow-up actions. Should any impact be identified, all affected customers will be alerted through established notification and incident response channels.

TeamPCP demanded at least $50,000 on the Breached hacking forum and offered samples to verify authenticity. The group emphasized that this was not extortion and announced it would destroy the data or publish it for free if no buyer was found.

TeamPCP was previously linked to supply chain attacks on multiple developer platforms, including GitHub, PyPI, NPM, and Docker. In March, the group compromised Aqua Security’s vulnerability scanner Trivy, leading to attacks on Docker images and the Checkmarx KICS project. The group is also associated with the Mini Shai-Hulud campaign and with stolen Mistral AI source code.
