GitHub Hack Scare: Attackers Claim They Stole Internal Source Code, Thousands of Private Repositories Now Up for Sale
Hackers claim to have breached GitHub’s internal systems, stealing nearly 4,000 private repositories through a malicious Visual Studio Code extension. The group, TeamPCP, is allegedly selling the stolen data for $50,000, raising fears of future supply chain attacks despite GitHub’s assurance that user data remains safe.
A massive cyber scare has shaken GitHub, the platform used by millions of developers around the world to store and manage software code.
Hackers are claiming they broke into GitHub’s internal systems, stole thousands of private repositories, and are now trying to sell the data online for over $50,000.
The group behind the alleged attack, called TeamPCP, says it accessed nearly 4,000 private repositories linked to GitHub’s internal operations, including source code that helps run the platform itself.
How the Hack Happened
GitHub confirmed that attackers gained access after an employee’s device was compromised through a malicious Visual Studio Code extension.
In simple words, a fake or “poisoned” coding extension became the entry point for the hackers.
The Microsoft-owned company said it quickly removed the extension, isolated the affected device, and started an emergency investigation.
What Exactly Was Stolen?
According to the hackers, the stolen data includes:
- Internal GitHub source code
- Private repositories
- Internal organisation files
- Backend system information
The group has even shared screenshots and file lists online to prove the breach is real.
Cybersecurity experts say this is worrying because internal code can act like a blueprint of how a platform works. Even if customer data wasn’t directly stolen, attackers could use this information to hunt for security weaknesses later.
Are GitHub Users Affected?
Right now, GitHub says there is no evidence that user repositories, enterprise accounts, or customer data were compromised.
But the company also admitted that the hackers’ claim about accessing around 3,800 repositories matches what investigators are currently seeing.
That means the investigation is still ongoing, and the full impact may not be clear yet.
Why This Is a Big Deal
GitHub is one of the most important platforms on the internet. From startups to giant tech companies, millions of apps and websites rely on code hosted there.
If hackers truly accessed GitHub’s internal systems, security researchers fear the stolen information could later be used in larger software supply chain attacks.
This is especially serious because modern cyberattacks often happen in stages: first hackers break in quietly, then study the system, and later launch bigger attacks using the information they gathered.
Who Is TeamPCP?
TeamPCP has been linked to several recent attacks targeting developer tools and open-source software systems.
Security researchers connected to Google Threat Intelligence Group reportedly track the group under the name UNC6780.
The hackers also posted a message online claiming they are not trying to “extort” GitHub. Instead, they say they want a buyer for the stolen data, and if nobody pays, they may leak everything publicly for free.
What GitHub Is Doing Now
GitHub says it has already:
- Rotated sensitive credentials
- Started monitoring for follow-up attacks
- Investigated affected systems
- Removed the malicious extension
- Begun a full incident response process
The company says it will release a detailed report once the investigation is complete.
Meanwhile, security experts are advising developers to rotate API keys, review access permissions, and stay alert for suspicious activity connected to their GitHub accounts.
Published By : Priya Pathak
Published On: 20 May 2026 at 12:56 IST