HomeTechnologyGitHub says hackers stole data from thousands of internal repositories

GitHub says hackers stole data from thousands of internal repositories

TechnologyMay 20, 2026
2 min read
GitHub says hackers stole data from thousands of internal repositories
The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
Reading Settings

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories.

The code hosting and sharing giant said in a series of posts on X that it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” but noted its investigation was ongoing. GitHub said it “detected and contained a compromise of an employee device involving a poisoned VS Code extension,” referring to a plug-in for Visual Studio Code, a popular code editor that developers use for programming.

Hackers are increasingly targeting popular open source projects, including coding extensions, with the aim of compromising developers’ computers and their projects. Targeting popular projects allows hackers to gain access to vast numbers of computers at the same time, magnifying the impact of their attacks. 

GitHub did not name the compromised extension.

The Record and Bleeping Computer report that a hacking group called TeamPCP has taken credit for the GitHub breach and is selling the data on a cybercrime forum.

GitHub did not immediately respond to a request for comment about the incident, or answer questions on whether it has received any communication from the hackers, such as a demand for ransom.

TeamPCP previously claimed credit for a data breach at the European Commission that resulted in the theft of more than 90 gigabytes of data from the cloud storage of the EU’s executive arm. The hackers had stolen the European Commission’s cloud key during an earlier breach at Trivy, a vulnerability scanning tool, by pushing info-stealing malware to Trivy’s downstream users.

OpenAI was also targeted recently in a similar but separate attack that saw hackers break into TanStack, a platform used by web developers, to push updates containing malware that let the hackers steal passwords and tokens from users.

Source: TechCrunch

Share this article

Related Articles

The Download: metric weaknesses and AI elephant warnings
Jun 298 hours ago

The Download: metric weaknesses and AI elephant warnings

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. The inevitable weakness of metrics There are plent

technologyreview.com7 min read
Read More
The Anti-Data-Center Movement Is Reshaping Michigan Politics
Jun 298 hours ago

The Anti-Data-Center Movement Is Reshaping Michigan Politics

Climate activist Will Lawrence cofounded the Sunrise Movement. Now, he has shifted his focus in his attempt to compete for a swing-district seat by calling for a data center moratorium.

6a3db00dba0b44838affabce6 min read
Read More