THE article reports that GitHub, the Microsoft-owned platform, confirmed that a third party gained unauthorized access to 3,800 internal repositories, with the breach detected on 19 May 2026. According to GitHub, the intrusion likely arose from a poisoned Visual Studio Code extension discovered on an employee device, and the data access affected private code assets including the stated number of repositories.
The TeamPCP hacking group claimed the attack, posting on the Breached cybercrime forum and stating they were offering the stolen data for at least $50,000, though they characterised the operation as not a ransom and suggested they would sell to the best offer and delete the data once sold. GitHub said it had contained the breach, removed the malicious extension, isolated the endpoint, and began incident response, with critical secrets rotated yesterday and overnight, prioritising the highest-impact credentials. A more detailed report is expected after the investigation, according to the article.