Tom’s Hardware
Etiido Uko

Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims source code theft and attempts $50,000 sale, employee installed malicious VS Code extension

GitHub has officially confirmed, via an X post today, that thousands of its internal repositories were breached after an employee's device was compromised through a malicious Visual Studio Code extension. The company said it detected and contained the incident yesterday, removed the poisoned extension version from the VS Code Marketplace, isolated the affected endpoint, and immediately launched an internal incident response investigation.

The disclosure follows claims posted earlier this week by the TeamPCP hacker group on the Breached cybercrime forum that it had gained access to nearly 4,000 private GitHub repositories via the breach.

The group alleged that it had exfiltrated internal source code and other private data, and stated that it was seeking at least $50,000 from potential buyers for the stolen material. “This is not a ransom,” the group wrote in its post, adding that it intended to sell the data rather than extort GitHub directly, and threatening to leak the repositories publicly if no buyer emerged.

According to GitHub’s current assessment, the activity involved only the exfiltration of GitHub-internal repositories, but the company stated that the attackers’ claims of accessing roughly 3,800 repositories are “directionally consistent” with findings uncovered so far. GitHub also said it has already rotated critical secrets and credentials as part of its containment efforts, while continuing to analyze logs and monitor for any follow-on activity.

TeamPCP has previously been linked to several high-profile campaigns involving platforms such as GitHub, PyPI, npm, and Docker. At the same time, malicious VS Code extensions have repeatedly surfaced in recent years as an increasingly effective vector for breaches and malware delivery.

VS Code extensions are executable code rather than passive configuration: they run as Node.js modules inside the editor's extension host with the same operating-system privileges as the developer, so they can read local files, open and drive integrated terminals, request authentication tokens through the editor, and invoke whatever cloud CLIs are installed on the machine. Microsoft scans Marketplace submissions for malware and marks verified publishers, but developers routinely install third-party extensions for debugging, automation, AI coding assistance, and workflow integrations, which makes the ecosystem an attractive target for attackers disguising malware as legitimate development tools.
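One practical check after an incident like this is to ask which installed extensions run code at every editor start and which come from publishers nobody has reviewed. The script below is an added example, not code from Tom's Hardware, GitHub, or Microsoft. It reads the package.json manifests that VS Code keeps under ~/.vscode/extensions/<publisher>.<name>-<version>/ and flags extensions whose activationEvents include "*" or "onStartupFinished" (both run the extension's code at startup) or whose publisher is outside an allowlist. The allowlist and the two sample manifests are constructed for the demo.

```python
"""Audit VS Code extension manifests for startup activation and unreviewed publishers.

Added example. Assumes the standard layout of ~/.vscode/extensions, where each
extension folder contains a package.json manifest; the publisher allowlist and
the sample manifests below are constructed for demonstration.
"""
import json
import tempfile
from pathlib import Path

# Activation events that make VS Code load and run the extension as soon as it starts.
STARTUP_EVENTS = {"*", "onStartupFinished"}

# Hypothetical allowlist of publishers your team has reviewed.
TRUSTED_PUBLISHERS = {"ms-python", "ms-vscode"}


def audit_manifest(manifest: dict, trusted=TRUSTED_PUBLISHERS) -> list[str]:
    """Return one finding per issue in a parsed package.json (empty list = nothing flagged)."""
    findings = []
    publisher = manifest.get("publisher", "")
    name = manifest.get("name", "<unnamed>")
    startup = set(manifest.get("activationEvents", [])) & STARTUP_EVENTS
    if startup:
        findings.append(f"{publisher}.{name}: runs at startup via {sorted(startup)}")
    if publisher not in trusted:
        findings.append(f"{publisher}.{name}: publisher not in allowlist")
    return findings


def audit_directory(ext_root: Path, trusted=TRUSTED_PUBLISHERS) -> dict[str, list[str]]:
    """Audit every <extension-folder>/package.json directly under ext_root."""
    report = {}
    for manifest_path in sorted(ext_root.glob("*/package.json")):
        folder = manifest_path.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError) as exc:
            # An unreadable manifest is itself worth a look.
            report[folder] = [f"unreadable manifest: {exc}"]
            continue
        findings = audit_manifest(manifest, trusted)
        if findings:
            report[folder] = findings
    return report


# Constructed sample manifests standing in for real extension folders.
SAMPLE_MANIFESTS = {
    "ms-python.python-2024.1.0": {
        "name": "python", "publisher": "ms-python",
        "activationEvents": ["onLanguage:python"],  # only loads when a Python file opens
    },
    "someone.helper-tool-1.0.3": {
        "name": "helper-tool", "publisher": "someone",
        "activationEvents": ["*"],  # loads on every start, from an unreviewed publisher
    },
}


def demo() -> dict[str, list[str]]:
    """Write the constructed manifests to a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder, manifest in SAMPLE_MANIFESTS.items():
            (root / folder).mkdir(parents=True)
            (root / folder / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_directory(root)


if __name__ == "__main__":
    for folder, findings in demo().items():
        print(folder)
        for finding in findings:
            print("  -", finding)
    # Against a real machine: audit_directory(Path.home() / ".vscode" / "extensions")
```

Startup activation is not malicious by itself (many legitimate extensions use onStartupFinished), but combined with an unfamiliar publisher it is the first thing to look at, because such an extension executes every time the editor opens regardless of what the developer is working on.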

In GitHub’s case, the compromised extension reportedly gave attackers a foothold on the employee's device, granting access to internal repositories and engineering systems. That does not necessarily mean unrestricted access to GitHub’s broader platform or customer repositories. However, internal repositories can still contain valuable operational data such as deployment tooling, infrastructure scripts, security workflows, internal APIs, and unreleased product features. Large technology companies also commonly split infrastructure across thousands of smaller repositories, meaning “3,800 repos” does not necessarily translate to 3,800 major standalone products.

GitHub said it has no evidence that customer data stored outside the affected internal repositories was impacted, and there is currently no indication that public GitHub repositories or platform users' private repositories were broadly exposed.

The incident highlights the growing wave of software supply-chain attacks targeting developers and their tooling rather than end users directly. Modern development ecosystems rely heavily on third-party components, including VS Code extensions, npm packages, PyPI libraries, Docker containers, and AI-assisted coding tools, which means a compromise at almost any layer can expose critical infrastructure. Earlier this year, researchers also discovered malicious packages using invisible Unicode characters hidden across GitHub repositories and VS Code projects, underscoring the growing abuse of trusted developer ecosystems.
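Invisible Unicode in source files is cheap to detect once you know which code points to look for. The scanner below is an added example, not code from the article or from the researchers it mentions. It flags zero-width characters, bidirectional embedding and override controls, and Unicode tag characters (U+E0000 to U+E007F) in source text, and additionally decodes runs of tag characters back to ASCII, since that range is a common way to smuggle a readable string that renders as nothing; that decoding is a general illustration of the technique, not a claim about the specific campaign. The sample input is constructed.

```python
"""Find invisible and direction-overriding Unicode characters in source text.

Added example. Flags code points that render as nothing (or flip display order)
but still reach the parser, and decodes Unicode tag characters, which map ASCII
0x20-0x7E to U+E0020-U+E007E. The sample source below is constructed.
"""
import unicodedata

# Zero-width characters, bidi controls, and the tag-character block.
SUSPICIOUS = (
    {0x00AD, 0x061C, 0x180E, 0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
    | set(range(0x202A, 0x202F))    # LRE, RLE, PDF, LRO, RLO
    | set(range(0x2066, 0x206A))    # LRI, RLI, FSI, PDI
    | set(range(0xE0000, 0xE0080))  # tag characters
)


def find_invisible(text: str) -> list[dict]:
    """Return one finding per suspicious character with its line, column, code point, and name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            # Category Cf (format) catches other invisible controls not listed above.
            if cp in SUSPICIOUS or unicodedata.category(ch) == "Cf":
                findings.append({
                    "line": lineno,
                    "col": col,
                    "codepoint": f"U+{cp:04X}",
                    "name": unicodedata.name(ch, "<unassigned>"),
                })
    return findings


def decode_tag_runs(text: str) -> list[str]:
    """Recover ASCII strings hidden as consecutive tag characters (U+E0020..U+E007E)."""
    hidden, buf = [], []
    for ch in text:
        cp = ord(ch)
        if 0xE0020 <= cp <= 0xE007E:
            buf.append(chr(cp - 0xE0000))
        elif buf:
            hidden.append("".join(buf))
            buf = []
    if buf:
        hidden.append("".join(buf))
    return hidden


def hide_as_tags(s: str) -> str:
    """Encode printable ASCII as tag characters; used only to build the constructed sample."""
    return "".join(chr(0xE0000 + ord(c)) for c in s)


# Constructed sample: a zero-width space inside a function body and a tag-encoded
# string appended to an innocuous-looking comment.
SAMPLE_SOURCE = (
    "const apiKey = process.env.KEY;\n"
    "function run() {\u200b return 1; }\n"
    "// harmless comment" + hide_as_tags("echo hidden") + "\n"
)


if __name__ == "__main__":
    for f in find_invisible(SAMPLE_SOURCE):
        print(f"line {f['line']} col {f['col']}: {f['codepoint']} {f['name']}")
    print("hidden tag payloads:", decode_tag_runs(SAMPLE_SOURCE))
```

A byte-order mark (U+FEFF) at the very start of a file is a legitimate artifact and can be allowlisted; anywhere else it is as suspicious as the other zero-width characters. Running a check like this in pre-commit or CI on every text file, not only code, is a cheap way to catch payloads that review in an editor will never display.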
