TEAMPCP claims have emerged that GitHub’s internal source code and private organization data were accessed, with the post advertising about 4,000 private repositories and asking for a minimum of $50,000 from a single buyer. According to GitHub, the breach is under investigation and there is currently no evidence that customer data stored outside internal repositories has been affected, though the company is monitoring for follow-on activity.
The incident began after a poisoned VS Code extension compromised an employee device, rather than a zero-day or brute-forced credentials, and GitHub has rotated critical secrets as a priority during initial response. TeamPCP’s claim that around 3,800 repositories were involved is described by GitHub as directionally consistent with their investigation.
The developing nature of the case emphasises the need for vigilance across the ecosystem, as the attackers’ access could enable future supply-chain or social-engineering risks. May 20 2026.