A malicious VS Code extension installed on a GitHub employee device triggered a major security breach that exposed thousands of the company’s internal repositories.
Quick Summary – TLDR:
- GitHub confirmed around 3,800 internal repositories were accessed during a supply chain attack linked to a poisoned VS Code extension.
- The hacker group TeamPCP claimed responsibility and allegedly offered the stolen data for sale for at least $50,000 on a cybercrime forum.
- GitHub says customer repositories and enterprise data were not affected based on its current investigation.
- Security researchers warn that developer tools and extensions are becoming one of the biggest attack targets in the software industry.
What Happened?
GitHub has confirmed a major internal breach after attackers gained access to thousands of company repositories through a compromised employee device. According to the company, the incident began after an employee installed a malicious Visual Studio Code extension that secretly gave attackers access to internal systems.
The Microsoft-owned platform said the breach involved only GitHub internal repositories and there is currently no evidence that customer repositories or enterprise data outside those systems were impacted.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely…
— GitHub (@github) May 19, 2026
GitHub Confirms Internal Repository Theft
The breach first came to light after the hacking group TeamPCP posted claims on a cybercrime forum saying it had stolen GitHub source code and access to roughly 4,000 private repositories. The group reportedly demanded at least $50,000 from potential buyers interested in purchasing the stolen data.
GitHub later confirmed that the attackers’ claims were “directionally consistent” with its investigation. The company said approximately 3,800 internal repositories were affected.
In a public statement, GitHub said:
The company also confirmed it rotated critical secrets and credentials as a precaution while continuing to investigate the incident.
Malicious VS Code Extensions Are Becoming a Serious Threat
Security researchers say the attack highlights growing risks tied to developer tools and software extensions. VS Code extensions can access nearly everything on a developer’s machine, including credentials, SSH keys, cloud tokens, API secrets, and sensitive company data.
Researchers from Aikido Security warned that developer workstations have become one of the biggest targets in modern supply chain attacks.
Aikido Security’s Mackenzie Jackson said:
The extension involved in the breach has not been publicly identified by GitHub.
This is not the first time malicious extensions have appeared on the VS Code Marketplace. Over the past few years, several fake or compromised extensions have been caught stealing developer credentials, installing cryptominers, spreading ransomware, and exfiltrating sensitive data.
Earlier this year, security researchers discovered AI-themed coding assistant extensions with more than 1.5 million installs secretly sending developer data to servers in China.
TeamPCP Expands Supply Chain Attacks
The incident also adds to a growing list of attacks linked to TeamPCP. The group has previously been connected to supply chain compromises involving GitHub, Docker, PyPI, NPM, Bitwarden CLI, Trivy, Checkmarx, and TanStack.
Researchers say TeamPCP has increasingly focused on compromising trusted developer ecosystems to silently spread malware and steal credentials.
Separate reports tied the group to the “Mini Shai Hulud” malware campaign, which targeted software packages and cloud environments using stolen tokens and automated propagation techniques.
One compromised package reportedly downloaded malware capable of stealing credentials from cloud services, password managers, Docker environments, SSH keys, and Kubernetes systems.
Security experts warn that organizations should now treat developer endpoints as critical infrastructure because a single compromised machine can provide deep access into enterprise environments.
SQ Magazine Takeaway
I think this attack is another major warning sign for the software industry. Companies spend millions protecting servers and cloud systems, but many still ignore the biggest weak point sitting right in front of them, developer machines. One fake extension was enough to expose thousands of GitHub repositories, and that should scare every tech company right now.
The bigger problem is trust. Developers rely heavily on extensions, packages, and open source tools every single day. Attackers clearly understand that compromising one trusted tool can open doors into massive ecosystems. This trend is getting worse, not better.