*Update May 20, 04:17 EDT: GitHub has now [confirmed the breach of ~3,800 internal repositories](https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/) after an employee installed a malicious VS Code extension.* **GitHub**, the widely-used cloud-based development platform, is investigating a breach of its internal repositories. This follows claims by the hacker group **TeamPCP** that they accessed approximately 4,000 repositories containing private code. With over 4 million organizations, including 90% of the Fortune 100, and over 180 million developers contributing to more than 420 million code repositories, GitHub's security is paramount. ### Investigation Underway The company has stated that they are investigating the unauthorized access but have not yet shared further details. They currently have no evidence that customer data stored outside its internal repositories has been affected. "We are investigating unauthorized access to GitHub's internal repositories," GitHub told BleepingComputer. "While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity." GitHub has assured that all affected customers will be alerted through established notification and incident response channels if any evidence of impact is discovered. ### TeamPCP's Claims **TeamPCP** claimed access to "Github's source code and internal orgs" on the Breached hacking forum, demanding at least $50,000 for the data. "No low ball offers will be accepted, everything for the main platform is there and I very am happy to send samples to interested buyers to verify the absolute authenticity. There is a total of around ~4,000 repos of private code here," they stated. They further added, "As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free. If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it." ### TeamPCP's History **TeamPCP** has a history of supply chain attacks targeting developer code platforms, including GitHub, **PyPI**, **NPM**, and **Docker**. In March, the group compromised **Aqua Security's Trivy vulnerability scanner**, leading to subsequent compromises affecting Aqua Security Docker images and the Checkmarx KICS project. The **Trivy** breach also affected the **LiteLLM** open-source Python library, infecting tens of thousands of devices with the "TeamPCP Cloud Stealer" information-stealing malware. More recently, they were linked to the "Mini Shai-Hulud" supply-chain campaign, impacting **OpenAI** employees, and threatened to leak **Mistral AI** source code stolen using compromised CI/CD credentials. <div> <a rel="noopener nofollow" href="https://hubs.li/Q048zztN0"><img alt="article image" src="https://www.bleepstatic.com/c/p/validation-gap.jpg"></a> <div> <h2><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">The Validation Gap: Automated Pentesting Answers One Question. You Need Six.</a></h2> <p>Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.</p> <p>This guide covers the 6 surfaces you actually need to validate.</p> <p><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">Download Now</a></p> </div> </div>