
GitHub Confirms Breach via Malicious VS Code Extension, Attacker Claims 3,800 Repos Stolen

GitHub confirmed a breach originating from a compromised employee device through a malicious Visual Studio Code extension, leading to access of about 3,800 internal repositories.

Peter Olaleru, Cybersecurity Editor

Source: Cointelegraph

**TL;DR:** GitHub confirmed that a malicious Visual Studio Code extension compromised an employee device, granting attackers access to about 3,800 internal repositories. The threat actor TeamPCP claims to have stolen proprietary source code and is offering it for sale.

On May 20, 2026, GitHub disclosed that a poisoned VS Code extension led to unauthorized entry into its internal networks. The extension was installed on an employee's workstation, giving the attacker a foothold without triggering traditional perimeter defenses. Security analysts noticed unusual API calls to internal repository endpoints and traced them to a compromised device. GitHub forced a password reset for the affected account, isolated the endpoint, and removed the malicious extension version from the marketplace.

Investigation showed the actor accessed roughly 3,800 private repositories, matching the claim made by the group TeamPCP. The malicious extension masqueraded as a popular linting utility, allowing it to harvest OAuth tokens and SSH keys stored locally. TeamPCP asserted it exfiltrated proprietary data and source code, and is advertising the dataset on underground forums for over $50,000. GitHub confirmed no public or customer-hosted repositories were affected, and that critical secrets were rotated overnight to limit further exposure.

The incident highlights how trusted developer tools can become supply chain vectors when compromised. Malicious extensions can bypass code signing and reputation checks, allowing stealthy credential theft and data exfiltration. Organizations that rely on IDE plugins must treat them as privileged code execution environments and review their provenance regularly. This case also underscores the value of maintaining a software bill of materials for all developer tooling.

Security teams should enforce allow-lists for VS Code extensions, verify publisher signatures, and monitor for unexpected outbound connections from developer endpoints. Rotate any tokens or secrets that may have been exposed, and apply MFA to all privileged accounts. Deploy detection rules for MITRE ATT&CK techniques T1195 (Supply Chain Compromise) and T1078 (Valid Accounts) by reviewing extension installation logs and auth token usage. Additionally, look for anomalous git clone or fetch commands originating from non-standard user agents as a possible indicator of compromise.
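The two checks recommended above, an extension allow-list and a review of clone/fetch activity for non-standard user agents, can be scripted in a few lines. The following is an added example written for this article, not code from GitHub or from the article's author. It assumes an organisation-defined allow-list of approved extension IDs, an extension inventory in the `publisher.name@version` form that `code --list-extensions --show-versions` prints, and a Git-over-HTTP server writing combined-format access logs; the allow-list, the user-agent prefixes and all log lines are constructed sample data. It also goes one step beyond the article by flagging accounts that fetch an unusually large number of distinct repositories, since a bulk pull of thousands of internal repos is the pattern described in the incident.

```python
import re
from collections import defaultdict

# Constructed allow-list of approved extension IDs (publisher.name), lower-cased.
# Hypothetical organisational policy, not GitHub's.
APPROVED_EXTENSIONS = {
    "ms-python.python",
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
}

# Constructed inventory in the "publisher.name@version" form that
# `code --list-extensions --show-versions` prints on a developer workstation.
SAMPLE_INVENTORY = [
    "ms-python.python@2024.4.1",
    "dbaeumer.vscode-eslint@2.4.4",
    "lint-tools.eslint-helper@0.0.3",  # constructed: linter look-alike from an unapproved publisher
]

# User-agent prefixes that real git clients send (assumption for this example).
# Anything else issuing git-upload-pack requests (a clone or fetch) deserves review.
ALLOWED_UA_PREFIXES = ("git/", "JGit/")

# Constructed access-log lines (combined log format) from a Git-over-HTTP server.
SAMPLE_LOG = """\
10.0.0.5 - alice [20/May/2026:09:14:02 +0000] "GET /internal/billing.git/info/refs?service=git-upload-pack HTTP/1.1" 200 512 "-" "git/2.43.0"
10.0.0.5 - alice [20/May/2026:09:14:05 +0000] "POST /internal/billing.git/git-upload-pack HTTP/1.1" 200 40960 "-" "git/2.43.0"
10.0.0.5 - alice [20/May/2026:09:16:40 +0000] "POST /internal/auth-core.git/git-upload-pack HTTP/1.1" 200 81920 "-" "python-requests/2.31.0"
10.0.0.9 - bob [20/May/2026:09:20:01 +0000] "POST /internal/repo-a.git/git-upload-pack HTTP/1.1" 200 4096 "-" "git/2.43.0"
10.0.0.9 - bob [20/May/2026:09:20:02 +0000] "POST /internal/repo-b.git/git-upload-pack HTTP/1.1" 200 4096 "-" "git/2.43.0"
10.0.0.9 - bob [20/May/2026:09:20:03 +0000] "POST /internal/repo-c.git/git-upload-pack HTTP/1.1" 200 4096 "-" "git/2.43.0"
10.0.0.9 - bob [20/May/2026:09:20:04 +0000] "POST /internal/repo-d.git/git-upload-pack HTTP/1.1" 200 4096 "-" "git/2.43.0"
""".splitlines()

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def unapproved_extensions(inventory):
    """Return extension IDs (version stripped) that are not on the allow-list."""
    unapproved = []
    for entry in inventory:
        ext_id = entry.split("@", 1)[0].lower()
        if ext_id not in APPROVED_EXTENSIONS:
            unapproved.append(ext_id)
    return unapproved


def parse_fetch_events(lines):
    """Yield one dict per clone/fetch (git-upload-pack request) found in the log."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "git-upload-pack" not in m["path"]:
            continue
        repo = m["path"].split(".git", 1)[0] + ".git"  # "/internal/billing.git"
        yield {"user": m["user"], "repo": repo, "ua": m["ua"], "ip": m["ip"]}


def suspicious_fetches(lines, allowed_prefixes=ALLOWED_UA_PREFIXES):
    """Fetches whose user agent does not look like a git client: (user, repo, ua)."""
    return [
        (ev["user"], ev["repo"], ev["ua"])
        for ev in parse_fetch_events(lines)
        if not ev["ua"].startswith(allowed_prefixes)
    ]


def mass_clone_users(lines, threshold):
    """Accounts that fetched more than `threshold` distinct repositories."""
    repos = defaultdict(set)
    for ev in parse_fetch_events(lines):
        repos[ev["user"]].add(ev["repo"])
    return {user: len(r) for user, r in repos.items() if len(r) > threshold}


if __name__ == "__main__":
    print("Unapproved extensions:", unapproved_extensions(SAMPLE_INVENTORY))
    print("Fetches with non-git user agents:", suspicious_fetches(SAMPLE_LOG))
    print("Accounts fetching many repos:", mass_clone_users(SAMPLE_LOG, threshold=3))
```

The threshold for `mass_clone_users` is something to tune against a baseline of normal developer activity; CI service accounts will legitimately fetch many repositories, so they should be excluded or given their own limit rather than generating alerts.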

Expect GitHub’s full post-mortem report, any appearance of the stolen data on marketplaces, and a potential rise in similar attacks targeting IDE ecosystems across the industry. Watch for forthcoming security advisories from Microsoft’s VS Code team that may address extension vetting gaps. Monitoring dark-web forums for offers of the alleged 3,800-repo dataset will also help gauge the breach’s downstream impact.
