GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular developer platform owned by Microsoft, confirmed that it had been breached and attackers had stolen data from around 3,800 internal code repositories.

The hosting and code sharing giant said in a series of posts on X that it “has no evidence of impact on customer information stored outside of GitHub’s internal repositories,” but noted that its investigation was ongoing. GitHub said it “detected and contained a compromise of an employee device that included a poisoned VS Code extension,” referring to a plugin for Visual Studio Code, a popular code editor that developers use for programming.

Hackers are increasingly targeting popular open source projects, including coding extensions, with the goal of compromising developers’ computers and their projects. Targeting popular projects allows hackers to gain access to a huge number of computers at once, magnifying the impact of their attacks.

GitHub does not name the compromised extension.

The Record and Bleeping calculator report that a hacking group called TeamPCP has taken credit for the GitHub breach and is selling the data on a cybercrime forum.

GitHub did not immediately respond to a request for comment on the incident, nor did it respond to questions about whether it has received any communication from the hackers, such as a ransom request.

TeamPCP previously claimed credit for a data breach at the European Commission that resulted in the theft of more than 90 gigabytes of data from the EU executive arm’s cloud storage. Hackers had stolen the European Commission’s cloud key during an earlier breach of Trivy, a vulnerability scanning tool, by pushing information-stealing malware to Trivy’s downstream users.

OpenAI was recently targeted in a similar but separate attack that saw hackers break into TanStack, a platform used by web developers, to push updates containing malware that allow hackers to steal passwords and tokens from users.