HackRead

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension


GitHub is the newest target of a data breach in which hackers from the infamous TeamPCP group bypassed its security to gain access to internal systems and steal proprietary source code. The widely used software hosting platform detected the breach on Tuesday, 19 May 2026.

Initial investigation suggests that the attackers compromised a corporate device belonging to one of GitHub’s developers; the entry point was an unnamed poisoned extension for Microsoft Visual Studio Code (VS Code), a popular tool used for writing software.

This device compromise allowed the attackers to exfiltrate around 3,800 internal code repositories. This is shocking because it means a massive chunk of GitHub’s private codebase is now in adversaries’ hands.

The platform published a technical update on X on 20 May 2026 to lay out its incident response, confirming that it has isolated the infected device, wiped the malicious VS Code extension, and spent the night rotating high-impact credentials and cryptographic keys to revoke the threat actors’ access for good.

GitHub on X (Image credit: Hackread.com)

TeamPCP Strikes Again

TeamPCP, a financially motivated cybercrime group tracked by Google Threat Intelligence as UNC6780, has claimed responsibility for GitHub’s network intrusion. An X account reportedly linked to the hackers, using the handle xploitrsturtle2, even taunted GitHub for delaying the public announcement of the incident.

As seen by Hackread.com, TeamPCP has listed GitHub’s stolen source code and internal organisation data for sale on a cybercrime forum with an initial asking price of over $95,000.

In their forum post, TeamPCP specified that this is a direct data sale rather than a traditional ransomware extortion scheme, and warned that if a single buyer doesn’t materialize, they will leak the repository archive names and files publicly for free.

TeamPCP on a partner forum announcing GitHub data breach claims (Image credit: Hackread.com)

An Unsettling Year for Developers

This is the fifth time this year that TeamPCP has successfully targeted a prominent firm. Hackread.com has been highlighting the group’s growing preference for supply chain attacks, especially against developer tooling, with its earlier victims this year including big names like Checkmarx, Bitwarden CLI, and TanStack.

Security experts at Aikido Security highlight that TeamPCP actors automate their campaign using an advanced, self-replicating infostealer worm known as Mini Shai-Hulud, engineered to steal Continuous Integration and Continuous Delivery (CI/CD) credentials, cloud access keys, and Personal Access Tokens from developer environments. After capturing valid tokens, it uses them to publish infected versions of other software packages, such as the official Microsoft Python framework client, durabletask.

In its latest update, GitHub has emphasised that the breach only impacted its internal repositories. The platform also claims that it found no evidence that customer data or infrastructure outside its internal networks was accessed or compromised; however, it is still monitoring its infrastructure for follow-on activity and conducting further investigation. This is a developing situation, and we will publish an update as soon as the company shares more details.

Experts’ Perspectives

Speaking on the incident, security experts shared their analysis with Hackread.com. Charlie Eriksen, Security Researcher at Aikido Security, commented on the technical exposure of VS Code extensions and a separate, largely unreported incident the day before:

“The thing people underestimate about VS Code extensions is that they have full access to everything on the developer’s machine. Credentials, cloud keys, SSH keys, all of it. The day before the GitHub breach was disclosed, a completely separate extension called Nx Console, with 2.2 million installs, was also briefly backdoored. The community caught that one in 11 minutes, which sounds fast until you realise how many machines auto-update in that window.

GitHub still hasn’t named the extension used in their breach, and blocking something malicious always depends on it being identified first. EDR doesn’t cover this layer at all. What’s missing for most organisations is any kind of visibility into what’s actually running on developer machines and the ability to control it.”

Mackenzie Jackson, Developer Relations at Aikido Security, explained why developer workstations are the number one target right now and what security teams are still consistently missing: “Developer workstations are the number one target in supply chain attacks right now, and this is exactly why. TeamPCP has compromised Trivy, Checkmarx, Bitwarden CLI, TanStack, and now GitHub, all in 2026, all through developer tooling.

“A single VS Code extension on one employee’s machine was enough to get access to 3,800 internal GitHub repositories. Most security teams still have zero visibility into what extensions or packages are on their developers’ machines, or how recently they were published. That’s the blind spot these attacks keep walking through,” Mackenzie emphasized.
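Both Aikido researchers quoted above point at the same gap: nobody on the security team knows which extensions are installed on developer machines. The script below is an added example written for this article (it is not code from Hackread, Aikido Security, GitHub or Microsoft) of the kind of basic inventory that closes that gap. It assumes VS Code's standard on-disk layout of one folder per extension containing a `package.json` manifest (`<extensions dir>/<publisher>.<name>-<version>/package.json`); the approved-publisher allowlist, the sample extensions and the `VSCODE_EXT_DIR` environment variable are constructed for the demo. It reports extensions whose publisher is not on the allowlist, extensions that declare the `*` activation event (loaded on every VS Code start) and folders whose manifest cannot be parsed.

```python
"""Inventory installed VS Code extensions and flag the ones that need review.

Added example, not from the article or any vendor. Assumes VS Code's standard
layout: <extensions dir>/<publisher>.<name>-<version>/package.json.
The allowlist and the sample extensions are constructed for the demo.
"""
import json
import os
import tempfile
from pathlib import Path

# Constructed allowlist: publisher IDs the organisation has reviewed and approved.
APPROVED_PUBLISHERS = {"ms-python", "ms-vscode"}


def inventory_extensions(ext_dir):
    """Return one record per extension folder, read from its package.json manifest."""
    records = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        folder = manifest.parent.name
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a look.
            records.append({"folder": folder, "error": "unreadable package.json"})
            continue
        publisher = meta.get("publisher")
        name = meta.get("name")
        records.append({
            "folder": folder,
            "id": f"{publisher}.{name}",
            "publisher": publisher,
            "version": meta.get("version"),
            # "*" in activationEvents makes the extension load on every VS Code start.
            "activates_on_startup": "*" in meta.get("activationEvents", []),
            # Folder modification time is a rough proxy for install/update time.
            "modified_epoch": int(manifest.parent.stat().st_mtime),
        })
    return records


def flag_extensions(records, approved=APPROVED_PUBLISHERS):
    """Return (extension id, reason) pairs for anything a security team should review."""
    findings = []
    for rec in records:
        if "error" in rec:
            findings.append((rec["folder"], rec["error"]))
            continue
        if rec["publisher"] not in approved:
            findings.append((rec["id"], "publisher not on allowlist"))
        if rec["activates_on_startup"]:
            findings.append((rec["id"], "activates on every startup"))
    return findings


def build_demo_dir():
    """Create a temporary extensions directory holding constructed sample extensions."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-demo-"))
    samples = {
        # Constructed: an approved publisher that only activates for Python files.
        "ms-python.python-2024.4.1": {
            "name": "python", "publisher": "ms-python", "version": "2024.4.1",
            "activationEvents": ["onLanguage:python"],
        },
        # Constructed: an unreviewed publisher whose extension loads on every startup.
        "unknown-publisher.helper-tool-0.0.3": {
            "name": "helper-tool", "publisher": "unknown-publisher", "version": "0.0.3",
            "activationEvents": ["*"],
        },
    }
    for folder, meta in samples.items():
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    # Constructed: an extension folder whose manifest is corrupt.
    (root / "broken.ext-1.0.0").mkdir()
    (root / "broken.ext-1.0.0" / "package.json").write_text("{not json", encoding="utf-8")
    return root


if __name__ == "__main__":
    # Set VSCODE_EXT_DIR (e.g. to ~/.vscode/extensions) to run against a real workstation;
    # otherwise the constructed demo directory is used.
    ext_dir = os.environ.get("VSCODE_EXT_DIR") or build_demo_dir()
    for ext_id, reason in flag_extensions(inventory_extensions(ext_dir)):
        print(f"{ext_id}: {reason}")
```

Run on a fleet, the same logic can be scheduled by an endpoint agent and shipped to the SIEM, which gives the visibility Eriksen and Jackson describe without waiting for a malicious extension to be publicly named first; the allowlist is the control, and a short review cycle for new publishers keeps it from becoming a bottleneck.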
