

GitHub launched an investigation into a cyberattack that may have exposed thousands of its internal repositories after hackers reportedly used a malicious Visual Studio Code extension to compromise an employee's device.
The incident came to light after a threat actor group called TeamPCP claimed it had stolen GitHub source code and internal organizational data. The group allegedly attempted to sell the stolen information online and claimed access to nearly 4,000 private repositories.
GitHub later confirmed the incident. It stated that the cyberattack was connected to the installation of a poisoned VS Code extension on the device of one of its employees. The extension reportedly allowed attackers to gain access to internal repositories through the compromised device.
The company moved immediately to limit the damage: it removed the malicious extension, isolated the employee's computer, and started an internal investigation. As a precaution, GitHub also decided to rotate security credentials and internal secrets.
The company currently says there is no evidence that customer repositories, enterprise accounts, or user organizations were affected by the attack, and it is convinced that the incident did not affect external customers. Nonetheless, GitHub agrees that the attackers' claim of having accessed around 3,800 repositories seems to be broadly true.
The recent cyberattack highlights the growing risks associated with software supply chain attacks and the use of malicious extensions for browsers and other software. Researchers report an increasing number of cases in which cybercriminals use malicious VS Code extensions to obtain developers' credentials.
This is also not the first cybersecurity incident involving compromised developer tools. Over the past year, several attacks have involved malicious software packages, infected plugins, and stolen GitHub credentials, highlighting the growing risks within the software development ecosystem.