A GitHub employee installed a malicious VS Code extension, and that single mistake gave hackers access to roughly 3,800 of the company’s internal code repositories.
GitHub confirmed the data breach today, saying its security teams detected the compromise quickly, pulled the extension from the VS Code marketplace, and locked down the affected device. The company has not named the specific extension involved.
A group calling itself TeamPCP claimed responsibility, posting on the Breached cybercrime forum that it had GitHub’s source code plus around 4,000 private repositories, and was looking for a single buyer willing to pay at least $50,000.

The group later said it had received a $95,000 offer. GitHub acknowledged that the 4,000-repo figure was roughly in line with what its own investigation had found, putting the actual number closer to 3,800.
TeamPCP framed it less as extortion and more as a one-time sale. One buyer, they said, and the data gets deleted. No buyer, and they leak it for free. “It looks like our retirement is soon,” the group wrote in the forum post.
On the customer side, GitHub says there is currently no evidence that anything outside its internal repositories was touched. That means private user repos, organization data, and other customer information appear to be unaffected, though the company said it would notify users if that changes.
This is not an isolated incident for the VS Code marketplace. The platform has had a persistent problem with malicious extensions.
Last year alone, extensions with 9 million installs were pulled over security concerns, another batch installed a cryptominer on developer machines, and two AI coding assistant extensions with 1.5 million combined installs were caught sending data to servers in China.
The marketplace is large and moves fast, which has historically made it difficult to catch bad actors before they rack up significant install counts.
TeamPCP has a track record beyond this data breach. The group has previously been connected to supply chain attacks targeting PyPI, NPM, and Docker, and was also linked to a campaign that affected two OpenAI employees.
GitHub says it is still going through logs, rotating credentials, and watching for any follow-up activity. A fuller public report is expected once the investigation wraps up.