Massive GitHub breach affects 3,800 repositories as TeamPCP seeks $50,000 for stolen code
Security

Massive GitHub breach affects 3,800 repositories as TeamPCP seeks $50,000 for stolen code

Nearly 4,000 private GitHub repositories were compromised due to a malicious Visual Studio Code extension, prompting immediate internal investigations and urgent security measures.

Editorial
Editorial Staff
14 hours ago 1 min read
NeboAI I summarize the news with data, figures and context
IN 30 SECONDS

35 sec read time You saved ~1 min
IN 1 SENTENCE

SENTIMENT
Neutral

𒀭
NeboAI is working, please wait...
Preparing detailed analysis
Quick summary completed
Extracting data, figures and quotes...
Identifying key players and context
DETAILED ANALYSIS
SHARE
Was this helpful?

NeboAI produces automated editions of journalistic texts in the form of summaries and analyses. Its experimental results are based on artificial intelligence. As an AI edition, texts may occasionally contain errors, omissions, incorrect data relationships and other unforeseen inaccuracies. We recommend verifying the content.

© NeboAI 2025 About Nebo

GitHub confirmed a breach affecting thousands of its internal repositories, attributed to a compromised device of an employee via a malicious Visual Studio Code extension. The company detected the breach and contained it on the previous day, taking steps to remove the harmful extension from the VS Code Marketplace and isolating the affected device.

The hacker group TeamPCP claimed responsibility for accessing nearly 4,000 private repositories and stated they exfiltrated internal source code and sensitive data, seeking at least $50,000 from potential buyers for the stolen information. They clarified that this transaction was not a ransom demand but a sale, threatening to make the repositories public if no buyer is found.

GitHub's investigation revealed that the attackers' claims about accessing approximately 3,800 repositories align with initial findings. As a precaution, the company has rotated critical credentials and is actively monitoring for further malicious activity. TeamPCP has a history of involvement in significant cyber campaigns targeting platforms like GitHub and PyPI, highlighting the ongoing risk posed by malicious VS Code extensions in the developer ecosystem.

Tags: github visual studio code data breach teamcpc cybersecurity software development
Want to read the full article? Access the original article with all the details.
Read Original Article
TL;DR

This article is an original summary for informational purposes. Image credits and full coverage at the original source. · View Content Policy

Editorial
Editorial Staff

Our editorial team works around the clock to bring you the latest tech news, trends, and insights from the industry. We cover everything from artificial intelligence breakthroughs to startup funding rounds, gadget launches, and cybersecurity threats. Our mission is to keep you informed with accurate, timely, and relevant technology coverage.

8285 articles →

Related Articles

Consumers Unprotected as FTC Hits Marketers with Nearly $1 Million Fine for Privacy Breach

Waymo Halts Atlanta Robotaxi Service as Flooding Highlights Vulnerability

Thousands of developers at risk as GitHub confirms data breach from internal repositories

Open Source Software Faces Major Threat as Hacker Group Infiltrates Codebases

ShinyHunters' Rise from France: How This Hacking Network Affects Global Security

Massive GitHub breach exposes vulnerabilities in popular coding tool, affecting thousands

GitHub's Security Breach Exposes Over 3,800 Repositories, Impacting Developers Nationwide

GitHub Users on Alert: 3,800 Internal Repositories Compromised in Recent Breach

Hackers compromise sensitive medical data of 1.8 million NYC Health patients in breach
Press Enter to search or ESC to close