MEDIUMData Breach
Global

GitHub Hacked, Internal Repositories Offered for Sale

·Source: Bank Info Security

Updated:

Executive Summary

A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisone

Analysis

A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.

Indicators of Compromise (2)

URL (1)
https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/github-hacked-internal-repositories-offered-for-sale-image_small-7-a-31739.jpg
VirusTotalURLhaus
Domain (1)
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
VirusTotalURLhaus
Source Attribution

Originally published by Bank Info Security on May 20, 2026.

Related Threats

HIGHData Breach

GitHub Confirms Breach, 4K Internal Repos Stolen

Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.

Dark Reading
HIGHData Breach

Processes and Culture Top Reasons Behind Data Breaches

Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.

Dark Reading
HIGHData Breach

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]

BleepingComputer