On Tuesday, the source code of software development platform GitHub was allegedly put up for sale online. As per reports, the threat actor behind this claims to be TeamPCP – a major online hacking group. Following TeamPCP’s claims, GitHub took to X to inform users that it was investigating a breach, but that no user information was likely accessed by the threat actors.
GitHub is a Microsoft-owned platform that hosts the source code for a large portion of the world’s software. Keep in mind, though, that at the time of writing, GitHub claims that only its own information was likely accessed.
What was the breach?
TeamPCP claims that it breached GitHub’s internal systems and got access to its proprietary organisation data and source code. That is, the code that runs the entire platform.
As per Dark Web Informer, the group is seeking more than $50,000 for the alleged dataset, which it said includes about 4,000 private repositories linked to GitHub’s main platform. A repository is essentially a folder for a project that tracks every change ever made to it.
This means any bad actors who get access to this data can likely find new cybersecurity flaws in GitHub’s code which may be exploited.
Who was behind the breach?
TeamPCP, formally tracked by the Google Threat Intelligence Group as UNC6780, is often described as a financially motivated threat group linked to software supply chain attacks targeting open-source packages.
Earlier in 2026, the group was tied to attacks involving the Trivy Vulnerability Scanner, Checkmarx and LiteLLM.
The group also claimed that it would put the data online for free if it doesn’t get a buyer. TeamPCP said in its post: “As always, this isn’t a ransom. We don’t care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free.”
The group has also published a public file listing and screenshots showing repository archive names, and said it is prepared to provide samples to serious buyers to prove authenticity.
GitHub says no user information compromised
On X, GitHub confirmed that there had been unauthorised access to its internal repositories. The company added, “While we currently don’t have any evidence of impact to customer data stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organisations, and repositories), we’re closely monitoring our infrastructure for follow-on activity.”
GitHub also said it would notify customers through its established incident response and notification channels if any impact is discovered.
In a follow-up update on X, GitHub said it had detected and contained a compromise of an employee device involving a poisoned Microsoft Visual Studio Code extension. The company added, “We removed the malicious extension version, isolated the endpoint, and began incident response immediately.”
The Microsoft-owned platform further stated, “The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.” That is, it is likely that around 3,800 repositories were accessed. GitHub has stated that it will publish a “fuller report” once the investigation is complete.
Following the incident, an X account linked to TeamPCP said, “GitHub knew for hours, they delayed telling you and they will not be honest in the future. What a tremendous run, it has been an honour to mess around with the cats over the past few months.”