
A compromised Visual Studio Code extension has infiltrated GitHub’s internal repositories


A single employee’s decision to install a compromised Visual Studio Code extension led to a major internal breach at GitHub, resulting in the theft of approximately 3,800 private repositories. The cybercriminal group known as TeamPCP has taken responsibility for the attack and is now demanding $50,000 for the stolen data.

There is a certain irony in the situation: GitHub, the very platform that hosts and safeguards much of the world’s code, was itself compromised through a malicious extension embedded in a trusted developer tool. GitHub confirmed the breach over the weekend.

According to reports, the attack began when an employee downloaded a tampered VS Code extension from the official marketplace. That single installation was enough to infect their system, allowing attackers to gain unauthorized access to thousands of GitHub’s internal repositories. While the company quickly identified the issue, isolated the affected device, and removed the malicious extension from distribution, the attackers had already succeeded in extracting sensitive data.

GitHub publicly addressed the incident through a series of statements on X (formerly Twitter), noting:

“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.”

The company also clarified the scope of the breach, stating:

“Our current assessment indicates that only internal GitHub repositories were exfiltrated. The attacker’s claim of approximately 3,800 repositories aligns directionally with our findings so far.”

Shortly afterward, TeamPCP publicly claimed responsibility on the Breached cybercrime forum. The group said it had obtained access to GitHub source code and nearly 4,000 private repositories. They are attempting to sell the data for at least $50,000, framing the offer as a “single-buyer” deal rather than a traditional ransom. As is common in such cases, they warned that if no buyer emerges, the data could be released publicly for free. Their pricing suggests they consider the stolen material to be of significant value.

This is not the group’s first operation of this kind. TeamPCP has previously carried out supply chain attacks targeting ecosystems such as PyPI and npm. They were also linked to the recent “Mini Shai-Hulud” campaign, which reportedly affected employees at OpenAI. Their strategy follows a consistent pattern: compromise trusted tools within the development ecosystem, inject malicious components, and rely on the widespread use of those tools to amplify the impact.

GitHub has stated that, so far, there is no evidence indicating that customer data outside the affected internal repositories has been exposed. However, the investigation remains ongoing as the company continues to assess the full extent of the breach.

What makes this incident particularly troubling is how predictable it is. The VS Code marketplace has long struggled with malicious extensions slipping past its safeguards, and similar cases have surfaced repeatedly over the years. Each time, the response follows the same cycle: the harmful extension is removed, a post-incident analysis is conducted, and developers are reminded to exercise caution when installing third-party tools, yet the problem keeps recurring.
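The practical lesson from GitHub's statement is that the poison was a specific extension version, so "exercise caution" needs to mean something checkable. The script below is an added example for this article, not code from GitHub, Microsoft or TeamPCP: it audits the extensions installed on an endpoint against a pinned allowlist and flags anything unknown or drifted from the approved version. It assumes the `publisher.name@version` line format that `code --list-extensions --show-versions` prints; the allowlist entries and the sample CLI output are constructed for illustration.

```python
"""Audit installed VS Code extensions against a pinned allowlist.

Added example for this article, not code from GitHub or any vendor.
Assumes the `code --list-extensions --show-versions` output format
(`publisher.name@version`, one entry per line). The allowlist and the
sample output below are constructed for illustration.
"""
import subprocess
from typing import Dict, List, Set, Tuple

# Constructed allowlist: extension id -> approved version(s). Hypothetical pins.
ALLOWLIST: Dict[str, Set[str]] = {
    "ms-python.python": {"2024.22.2"},
    "esbenp.prettier-vscode": {"11.0.0"},
    "dbaeumer.vscode-eslint": {"3.0.10"},
}

# Constructed sample of `code --list-extensions --show-versions` output.
# It includes one extension on an unapproved version and one not on the list,
# which is the shape a "poisoned version" or a sideloaded extension would take.
SAMPLE_OUTPUT = """ms-python.python@2024.22.2
esbenp.prettier-vscode@11.0.1
dbaeumer.vscode-eslint@3.0.10
some-publisher.helpful-tool@1.4.0
"""

Finding = Tuple[str, str]


def parse_extension_list(text: str) -> List[Finding]:
    """Parse `publisher.name@version` lines into (id, version) tuples.

    Extension ids are case-insensitive in VS Code, so they are lowercased
    before comparison. A line without '@' is treated as malformed.
    """
    parsed: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        if not sep or not ext_id or not version:
            raise ValueError(f"unexpected extension line: {line!r}")
        parsed.append((ext_id.lower(), version))
    return parsed


def audit(installed: List[Finding], allowlist: Dict[str, Set[str]]) -> Dict[str, List[Finding]]:
    """Classify each installed extension as ok, drifted (approved id, wrong version) or unknown."""
    findings: Dict[str, List[Finding]] = {"ok": [], "drifted": [], "unknown": []}
    for ext_id, version in installed:
        if ext_id not in allowlist:
            findings["unknown"].append((ext_id, version))
        elif version not in allowlist[ext_id]:
            findings["drifted"].append((ext_id, version))
        else:
            findings["ok"].append((ext_id, version))
    return findings


def list_installed_extensions() -> str:
    """Return the real CLI output when `code` is on PATH, else the constructed sample."""
    try:
        proc = subprocess.run(
            ["code", "--list-extensions", "--show-versions"],
            capture_output=True, text=True, check=True,
        )
        return proc.stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_OUTPUT


if __name__ == "__main__":
    report = audit(parse_extension_list(list_installed_extensions()), ALLOWLIST)
    for bucket in ("drifted", "unknown"):
        for ext_id, version in report[bucket]:
            print(f"{bucket.upper()}: {ext_id}@{version}")
    # Non-zero exit so a fleet job or pre-commit hook can fail on findings.
    raise SystemExit(1 if report["drifted"] or report["unknown"] else 0)
```

Run against the constructed sample, the audit reports `esbenp.prettier-vscode@11.0.1` as drifted and `some-publisher.helpful-tool@1.4.0` as unknown. The point is not the script itself but the control it stands in for: a pinned allowlist turns "the marketplace pushed a bad version" from an invisible event into a failed check on the endpoint. It does not verify the extension's contents, so it complements, rather than replaces, install-time policy enforcement and endpoint monitoring.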

This breach, however, raises the stakes significantly. Unlike previous incidents involving individual users, this attack targeted a developer within one of the most security-focused organizations in the world. The extension appeared legitimate enough to pass scrutiny, but that single moment of trust ultimately led to a large-scale compromise impacting thousands of internal repositories.
