Breaking
Senators and House Committees Urge NSF to Halt Dismantling of Ocean Monitoring NetworkTrump and Iran Reach Agreement to End War, Reopen Strait of HormuzCybersecurity Experts Urge US Government to Lift Export Controls on AI ModelsSpaceX IPO Surpasses Expectations, Raising $85.7 BillionBaseus AM52 Qi2 Power Bank with Built-in Cable Gets Exclusive DiscountUK to Ban Social Media for Under-16s, Citing Mental Health ConcernsSalesforce to Acquire AI Customer Service Platform Fin for $3.6 BillionNASA Directed ISS Astronauts to Seek Emergency Refuge Due to CracksThe Trump Phone: A Year of Mystery, Delays, and Unanswered QuestionsCrude Oil Prices Plunge as Iran Deal Expected to Be SignedSenators and House Committees Urge NSF to Halt Dismantling of Ocean Monitoring NetworkTrump and Iran Reach Agreement to End War, Reopen Strait of HormuzCybersecurity Experts Urge US Government to Lift Export Controls on AI ModelsSpaceX IPO Surpasses Expectations, Raising $85.7 BillionBaseus AM52 Qi2 Power Bank with Built-in Cable Gets Exclusive DiscountUK to Ban Social Media for Under-16s, Citing Mental Health ConcernsSalesforce to Acquire AI Customer Service Platform Fin for $3.6 BillionNASA Directed ISS Astronauts to Seek Emergency Refuge Due to CracksThe Trump Phone: A Year of Mystery, Delays, and Unanswered QuestionsCrude Oil Prices Plunge as Iran Deal Expected to Be Signed
Newsgather
BackGitHub Confirms Cyberattack After Threat Actor Claims Data Sale
GitHub Confirms Cyberattack After Threat Actor Claims Data Sale
Urgent
Times of India5/20/2026Tech2 min readIndia

GitHub Confirms Cyberattack After Threat Actor Claims Data Sale

cyberattackdata breachgithub

Quick Look

  • GitHub confirmed a cyberattack involving unauthorized access to internal repositories after a threat actor claimed to be selling company data.
  • The breach was linked to a poisoned VS Code extension on an employee device.

AI-generated summary

Why It Matters

GitHub has confirmed a cyberattack where a threat actor claimed to have stolen and was attempting to sell company data online. The incident involved unauthorized access to some of its internal repositories.

Font size

GitHub has confirmed a cyberattack involving unauthorized access to some of its internal repositories after a threat actor claimed it had stolen and was attempting to sell company data online. In a series of posts shared on X (formerly Twitter), the Microsoft-owned subsidiary said it has “detected and contained a compromise of an employee device involving a poisoned VS Code extension.” Github further said the malicious extension was removed, the affected endpoint was isolated and incident response measures were launched immediately. The platform also stated that its “current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” while saying the attacker’s claims of accessing around 3,800 repositories are “directionally consistent” with the company’s investigation so far. The company said it has already rotated critical secrets and prioritised “highest-impact credentials” to reduce risk. GitHub also said it continues to analyse logs and monitor systems for additional suspicious activity.

Threat actor claims GitHub source code being sold

The incident became public after a threat actor known as TeamPCP allegedly listed GitHub source code and internal organisations for sale on a cybercrime forum. According to a report by The Hacker News, the group claimed to possess data from nearly 4,000 repositories and said the asking price was at least $50,000. Screenshots shared online reportedly showed the attackers saying: “We do not care about extorting GitHub. ” "As always, this is not a ransom," the group said in a post, according to screenshots shared by Dark Web Informer. "We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free." The same threat group has also reportedly been linked to recent attacks involving malicious Python packages.

Attack linked to poisoned VS Code extension

GitHub has revealed that the breach was connected to a poisoned Microsoft Visual Studio Code extension installed on an employee device. “We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” the company said. “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants. We will publish a fuller report once the investigation is complete,” Github said in the post.

End of Article

Open Questions

  • What specific internal repositories were accessed?
  • What is the full extent of the exfiltrated data?
  • How did the threat actor compromise the VS Code extension?
  • What are the long-term security implications for GitHub and its users?

Related Topics

cyberattack
OrganizationsGitHubMicrosoftTeamPCPThe Hacker News
Topicsdata breachgithubmicrosoftvs codethreat actorsource code
This article was originally published by Times of India.

Related Stories

Microsoft CEO Satya Nadella: The Real AI Advantage is the 'Learning Loop'
Developing·5h ago

Microsoft CEO Satya Nadella: The Real AI Advantage is the 'Learning Loop'

Microsoft CEO Satya Nadella argues that the true AI advantage lies not in selecting the best frontier model, but in building a proprietary 'learning loop' around it. This system, trained on a company's unique data and judgment, creates defensible intellectual property, contrasting with the subscription-based model of frontier models alone. Nadella warns against ceding all value to a few AI models, drawing parallels to the economic consequences of early globalization.

Times of India
More on this topiccyberattack