SECURITY
Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform disclosed late Tuesday.
The breach was detected Tuesday and traced to a malicious extension that GitHub’s security team found on the employee’s device. GitHub said the compromise has been contained and that customer data and code stored on the platform were not affected.
“We removed the malicious extension version, isolated the endpoint and began incident response immediately,” GitHub said in a series of posts on X. “Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first.”
GitHub has not named the extension or said how it reached the employee’s device. A fuller post-incident report is promised once the investigation wraps.
The hacking group TeamPCP claimed the breach on the Breached cybercrime forum, posting GitHub’s source code and what it said was about 4,000 private repositories for sale at a starting price of $50,000. TeamPCP said it would sell only to a single buyer and would dump the data publicly if no offer came in. GitHub put the real number closer to 3,800 but said TeamPCP’s claim was “directionally consistent” with what its own investigation had found.
TeamPCP has spent much of 2026 hitting developer ecosystems. Campaigns tied to the group have compromised Aqua Security’s Trivy vulnerability scanner, Checkmarx Inc.’s KICS infrastructure-as-code analyzer, the LiteLLM Python client and Telnyx LLC’s official software development kit, with downstream victims including the European Commission. The group has also used typosquatting on the Python Package Index and, according to security researchers, formed working partnerships with extortion and ransomware operators including Lapsus$ and the Vect ransomware group.
GitHub hosts code for more than 100 million developers, which makes its own source code a prize for attackers looking for footholds across the wider software industry. Visual Studio Code extensions, meanwhile, have become a recurring problem. Researchers have flagged infected listings on the marketplace used to harvest credentials, mine cryptocurrency and exfiltrate data, with some racking up large install counts before being pulled.
Part of the problem is design. Visual Studio Code extensions run with broad permissions on developer machines and sit alongside source code, credentials and build pipelines, which puts them in a position most endpoint security tools cannot see into.
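Because extensions sit outside what most endpoint tools inspect, one practical control is to keep an allowlist of approved extensions and periodically diff each developer machine's installed set against it. The script below is an added example written for this article, not GitHub's tooling or anything from the incident; it assumes VS Code records installed extensions in `~/.vscode/extensions/extensions.json` as a JSON array whose entries carry an `identifier.id` of the form `publisher.name`, a `version`, and a `metadata.installedTimestamp` in milliseconds (that shape is an assumption), and the manifest contents and allowlist are constructed for the example.

```python
"""Audit installed VS Code extensions against an allowlist (added example).

Assumption (not from the article): VS Code keeps a manifest of installed
extensions at ~/.vscode/extensions/extensions.json as a JSON array of
objects with "identifier": {"id": "publisher.name"}, "version" and
"metadata": {"installedTimestamp": <ms since epoch>}.  The manifest and
allowlist below are constructed sample data.
"""
import json
from datetime import datetime, timezone

# Constructed sample manifest standing in for ~/.vscode/extensions/extensions.json.
SAMPLE_MANIFEST = json.dumps([
    {"identifier": {"id": "ms-python.python"}, "version": "2023.14.0",
     "metadata": {"installedTimestamp": 1_690_000_000_000}},   # Jul 2023
    {"identifier": {"id": "eamodio.gitlens"}, "version": "14.9.0",
     "metadata": {"installedTimestamp": 1_710_000_000_000}},   # Mar 2024
    {"identifier": {"id": "unknown-pub.code-helper"}, "version": "0.0.3",
     "metadata": {"installedTimestamp": 1_715_000_000_000}},   # May 2024
    {"identifier": {"id": "someone.dark-theme"}, "version": "1.2.0"},  # no timestamp
])

# Constructed allowlist of extension ids the organisation has reviewed.
ALLOWLIST = {"ms-python.python", "eamodio.gitlens", "dbaeumer.vscode-eslint"}

# Anything installed on or after this date is flagged for a second look,
# e.g. the start of an incident window.  Constructed value.
CUTOFF = datetime(2024, 1, 1, tzinfo=timezone.utc)


def audit_extensions(manifest_text, allowlist, since):
    """Return one finding per extension that is off-allowlist or newly installed.

    Each finding is a dict with the extension id, version and a list of reasons.
    """
    allowed = {a.lower() for a in allowlist}
    findings = []
    for entry in json.loads(manifest_text):
        ext_id = entry.get("identifier", {}).get("id", "").lower()
        version = entry.get("version", "?")
        ts_ms = entry.get("metadata", {}).get("installedTimestamp")
        installed = (datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
                     if ts_ms is not None else None)
        reasons = []
        if ext_id not in allowed:
            reasons.append("not on allowlist")
        if installed is not None and installed >= since:
            reasons.append(f"installed {installed.date()} (on/after cutoff)")
        if reasons:
            findings.append({"id": ext_id, "version": version, "reasons": reasons})
    return findings


def run_audit():
    """Run the audit over the constructed sample data."""
    return audit_extensions(SAMPLE_MANIFEST, ALLOWLIST, CUTOFF)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f['id']} {f['version']}: {'; '.join(f['reasons'])}")
```

In production the manifest text would be read from each workstation (or pulled by an endpoint agent), the allowlist kept in version control alongside a review record, and the findings fed to the same queue that handles other endpoint alerts.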
Morey Haber, chief security adviser at privileged access security firm BeyondTrust Corp., told SiliconANGLE via email that the breach is a reminder that developer environments now carry the same strategic value as core enterprise infrastructure.
“Developer workstations now possess the same strategic value as domain controllers, and access to source code repositories, secrets, SSH keys, cloud credentials, signing certificates and deployment pipelines can transform a single compromised endpoint into a cascading supply chain incident,” Haber said. “TeamPCP appears to have understood this attack path, and their recent activity demonstrates a systematic focus on poisoning trusted developer ecosystems rather than directly attacking hardened infrastructure.”
Agnidipta Sarkar, chief evangelist at zero-trust microsegmentation provider ColorTokens Inc., noted that the bigger concern may be what attackers can do with GitHub’s own platform code rather than what they took from the repositories themselves.
“Attackers now have access to GitHub’s own platform code, Actions runners, authentication flows, secret scanning, Copilot backend and more, and that is enough knowledge to launch zero-days, convincing phishing or bypasses that affect users later, even if customer repos were not touched,” Sarkar said. “Security teams should treat GitHub as potentially compromised upstream, inventory all GitHub connections and rotate or reset all auth and access, especially API keys, and immediately move to cryptographic passwordless identities.”