GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories.

The code hosting and sharing giant said in a series of posts on X that it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” but noted its investigation was ongoing. GitHub said it “detected and contained a compromise of an employee device involving a poisoned VS Code extension,” referring to a plugin for Visual Studio Code, a popular code editor that developers use for programming.

Hackers are increasingly targeting popular open-source projects, including coding extensions, with the aim of compromising developers’ computers and their projects. Targeting popular projects allows hackers to gain access to vast numbers of computers at the same time, magnifying the impact of their attacks. 

GitHub did not name the compromised extension.

The Record and Bleeping Computer report that a hacking group called TeamPCP has taken credit for the GitHub breach, and is selling the data on a cybercrime forum.

GitHub did not immediately respond to a request for comment about the incident, or answer questions on whether it has received any communication from the hackers, such as a demand for ransom.

TeamPCP previously claimed credit for a data breach at the European Commission that resulted in the theft of more than 90 gigabytes of data from the cloud storage of the EU’s executive arm. The hackers had stolen the European Commission’s cloud key during an earlier breach at Trivy, a vulnerability scanning tool, by pushing info-stealing malware to Trivy’s downstream users.

OpenAI was also targeted recently in a similar but separate attack that saw hackers break into Tanstack, a platform used by web developers, to push updates containing malware that let the hackers steal passwords and tokens from users.

View Bio