GitHub Breach: 3,800+ Repos Stolen via VS Code Extension Hack
GitHub has confirmed a significant security incident in which threat actor TeamPCP exfiltrated approximately 3,800 internal repositories after compromising an employee's device through a poisoned Microsoft Visual Studio Code extension. The breach, discovered on May 20, 2026, resulted in the theft of proprietary source code and internal organizational data, which TeamPCP subsequently listed for sale on a cybercrime forum with a minimum asking price of $50,000. GitHub, a Microsoft subsidiary, stated it currently has no evidence of impact to customer data stored outside its internal systems but continues monitoring infrastructure for follow-on activity. The company has rotated critical secrets and high-impact credentials as part of its containment efforts.
The initial attack vector was a malicious Visual Studio Code extension that allowed TeamPCP to gain a foothold on the targeted employee's device. While GitHub has not disclosed the specific extension name, cybersecurity researchers noted this follows a pattern similar to the Nx Console compromise, which also distributed a multi-stage credential stealer and supply chain poisoning tool. Organizations using VS Code extensions should audit their installed extensions and verify that none has been maliciously modified.
Concurrently, TeamPCP's self-replicating malware campaign, dubbed "Mini Shai-Hulud," expanded its reach by compromising the durabletask PyPI package, an official Microsoft Python client for the Durable Task workflow execution framework. Three malicious versions (1.4.1, 1.4.2, and 1.4.3) were identified after attackers used stolen GitHub secrets to obtain PyPI publishing tokens. According to Wiz, the attackers gained access to a GitHub account, extracted secrets from accessible repositories, and used those credentials to publish the compromised packages directly. Developers should immediately check their environments for these malicious versions and rotate any potentially exposed credentials.
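As an added example (not code from GitHub, Wiz or the durabletask project), here is a small Python check for the three compromised durabletask releases named above: it scans requirements or pip-freeze text for exact pins, flags range or unpinned specifiers that a resolver could still satisfy with a bad release, and checks what is installed in the running interpreter. The sample requirements text is constructed for the demonstration.

```python
import re
from importlib import metadata

# Package and versions named in the report above; extend as advisories are updated.
COMPROMISED = {"durabletask": {"1.4.1", "1.4.2", "1.4.3"}}

# name, optional extras, optional operator, optional version
_LINE_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?"
    r"\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9A-Za-z.*]*)?"
)


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'DurableTask' and 'durabletask' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text: str):
    """Scan requirements-style or `pip freeze` text.

    Returns (hits, unpinned): hits are (name, version) pairs pinned to a listed
    release; unpinned lists watched packages with a range or no version, which
    a resolver could still satisfy with a compromised release."""
    hits, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment-only, or pip option such as -r / --index-url
        m = _LINE_RE.match(line)
        if not m:
            continue
        name, op, ver = normalize(m.group(1)), m.group(2), m.group(3)
        if name not in COMPROMISED:
            continue
        if op == "==" and ver in COMPROMISED[name]:
            hits.append((name, ver))
        elif op != "==":
            unpinned.append(name)
    return hits, unpinned


def scan_installed():
    """Check distributions visible to the running interpreter."""
    hits = []
    for dist in metadata.distributions():
        name = normalize(dist.metadata.get("Name") or "")
        if str(dist.version) in COMPROMISED.get(name, set()):
            hits.append((name, str(dist.version)))
    return hits


SAMPLE = """\
# constructed sample, not a real lock file
requests==2.31.0
DurableTask==1.4.3      # exact pin to a listed release
durabletask>=1.4        # range: resolver may pick 1.4.1-1.4.3
"""

if __name__ == "__main__":
    hits, unpinned = scan_requirements(SAMPLE)
    print("pinned to compromised release:", hits)
    print("needs resolver check:", unpinned)
    print("installed here:", scan_installed())
```

Run it against `pip freeze` output or each lock file in CI; an empty `hits` list only clears exact pins, so any name in `unpinned` still needs a look at what the resolver actually selected.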
GitHub emphasized it will notify affected customers through established incident response channels if any customer data is determined to be impacted. The company's current assessment indicates the exfiltration was limited to internal repositories only, with the claimed 3,800 repositories being "directionally consistent" with the ongoing forensic investigation. TeamPCP claimed in a post that if no buyer was found, they would release the stolen data for free, adding pressure on GitHub's response efforts. Security teams are advised to monitor for unusual repository access patterns and to consider additional verification steps for developer environments.