Posted May 20, 2026 at 4:44 PM UTCEExternal LinkGitHub says a data breach impacted 3,800 internal repositories.The company traced the incident to a “poisoned” VS Code extension on an employee’s device. While the hacking group TeamPCP has claimed responsibility for the breach, GitHub says it has since removed the malicious extension and that the exfiltration was limited to internal data, as reported by Bleeping Computer.Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.Emma Roth
GitHub says a data breach impacted 3,800 internal repositories.
The company traced the incident to a “poisoned” VS Code extension on an employee’s device. While the hacking group TeamPCP has claimed responsibility for the breach, GitHub says it has since removed the malicious extension and that the exfiltration was limited to internal data, as reported by Bleeping Computer. [Link: GitHub confirms breach of 3,800 repos via malicious VSCode extension | https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/ | BleepingComputer]
87 words~1 min read
