
GitHub Data Breach Exposes 3,800 Internal Repositories

GitHub Data Breach
Published on
May 21, 2026

GitHub confirmed a data breach on May 20, 2026, after a threat actor gained access to approximately 3,800 of the platform's internal code repositories. The entry point was a single employee device compromised through a malicious Visual Studio Code extension. The hacking group TeamPCP, formally tracked by Google Threat Intelligence as UNC6780, has claimed responsibility and is offering the stolen data for sale on a cybercrime forum.

How the Attack Unfolded

GitHub detected the breach on May 19. Investigation confirmed that attackers compromised a developer's corporate device, with a poisoned VS Code extension serving as the entry point. The specific extension identified was Nx Console version 18.95.0, a backdoored build published to the VS Code Marketplace on May 18, 2026.

GitHub responded by isolating the infected device, removing the malicious extension, and rotating high-impact credentials overnight. The company confirmed that the attacker's claim of roughly 3,800 affected repositories was directionally consistent with its own findings.

What Was Accessed

Internal repositories of this kind can contain infrastructure configurations, deployment scripts, staging credentials, and internal API schemas. Access at that level goes beyond a standard data breach; it amounts to an infrastructure intelligence leak, because the material describes how the platform is built, deployed, and secured rather than merely what it stores.

GitHub stated that customer data stored outside its internal repositories has not been affected. Enterprise environments and public or private user repositories are not believed to have been accessed. The company added that it will notify any customer if evidence of wider impact emerges.

TeamPCP and the Wider Supply Chain Campaign

The GitHub breach did not happen in a vacuum. TeamPCP has been running a sustained campaign against open source infrastructure since at least March 2026.

Trend Micro tracked at least seven confirmed waves of the group's Mini Shai-Hulud supply chain worm, hitting targets that include AquaSecurity's Trivy vulnerability scanner, Checkmarx KICS, LiteLLM, Bitwarden CLI, and TanStack in May 2026. The TanStack attack separately affected OpenAI, where attackers pushed malware-laced updates to steal passwords and tokens. Grafana was also caught in the fallout after a stolen GitHub token from the same campaign was used to access its internal codebase.

TeamPCP previously claimed credit for a breach at the European Commission that resulted in the theft of more than 90 gigabytes of data from the EU executive arm's cloud storage. That attack was traced back to an earlier compromise of Trivy, the same vulnerability scanning tool targeted in this campaign.

The Sale Listing

TeamPCP listed the stolen data on the Breached cybercrime forum, asking a minimum of $50,000 for a single buyer. The group stated it would release everything for free if no buyer came forward, framing the offer as a sale rather than a ransom. After GitHub's public confirmation, an account linked to TeamPCP posted that the company had known for hours before disclosing the breach. GitHub has not publicly responded to that claim.

Why Developer Tooling Is the New Attack Surface

This breach follows a clear and repeating pattern. Attackers are no longer focusing exclusively on perimeter vulnerabilities or unpatched servers. They are targeting the tools developers use every day and the trust those tools carry.

A VS Code extension runs inside the editor's extension host, an unsandboxed Node.js process with the same filesystem, network, and credential access as the developer who installed it. A single poisoned package therefore gives an attacker whatever that developer can reach: source checkouts, git credentials, SSH keys, and any cloud or CI tokens cached on the machine. The Nx Console extension had 2.2 million installs and verified publisher status before it was backdoored, and that level of apparent legitimacy makes it extremely difficult to identify the risk before it causes damage.

What This Means for Organizations Using GitHub

GitHub serves more than 180 million developers and is used by over 90 percent of Fortune 100 companies. A breach of its internal repositories carries risk well beyond the immediate incident, particularly if the stolen data contains details about how the platform itself is built or secured.

The investigation is ongoing. Organizations that rely on GitHub for their development pipelines should monitor official communications from the company and treat any unusual activity in connected systems or token-based integrations with heightened scrutiny.

The broader lesson is structural. When a single malicious extension installed on one device can expose thousands of internal repositories at one of the world's most security-conscious software platforms, every organization needs to ask hard questions about how much trust it extends to developer tooling by default.
