GitHub confirmed that there was unauthorized access to its internal repositories on May 19th after an employee's device was compromised via a malicious VS Code extension. Initial assessments show that hackers stole around 3800 internal GitHub repositories, confirming the claims made by the TeamPCP hacking group, which took responsibility for the attack.
TeamPCP announced the breach on a dark web forum, claiming to have also stolen the source code. The stolen data was offered to any buyer willing to pay at least $50,000 (~RM 198,000).
Following the attack, GitHub removed the malicious VS Code extension, isolated the affected devices, and initiated an incident response immediately. GitHub has rolled back all critical secrets, analyzed logs, and monitored for any follow-up activity. A full report of the incident will be published once the investigation is complete.

