GitHub Confirms Data Breach Affecting 3800 Internal Repositories via Malicious VS Code Extension

GitHub confirms a malicious VS Code extension on one employee's machine exposed 3,800 internal repositories, with no customer data affected.

May 21, 2026
5 min read
Technobezz

A single malicious VS Code extension installed on one employee's machine gave hackers access to roughly 3,800 internal GitHub repositories, the Microsoft-owned platform confirmed on Wednesday. The breach, detected May 19, is the latest in a series of supply chain attacks this year by the hacking group TeamPCP.

GitHub said it rotated critical secrets immediately after detection, prioritizing highest-impact credentials first. "The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far," the company stated on X. The exfiltration was limited to GitHub-internal repositories, with no evidence customer data was accessed.

TeamPCP is now attempting to sell the stolen data on a cybercrime forum for at least $50,000, advertising access to "GitHub's source code and internal orgs." The group said it is not holding GitHub to ransom; it wants a single buyer, after which the data will be shredded. "If no buyer is found. We will leak it free," the hackers posted.

The breach vector is a growing concern across the industry. VS Code extensions have full access to everything on a developer's machine: credentials, SSH keys, cloud keys, and secrets, according to Aikido Security researcher Charlie Eriksen.

"A single VS Code extension on one employee's machine was enough to get access to 3,800 internal GitHub repositories," Aikido's Mackenzie Jackson said. "Most security teams still have zero visibility into what extensions or packages are on their developers' machines."
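One way to get the visibility Jackson describes, as an added example that is not code from the article, GitHub or Aikido: parse the output of `code --list-extensions --show-versions` and compare it against a pinned allowlist, so that both unknown extensions and unexpected versions of known ones surface. The allowlist, the sample output and the Nx Console identifier `nrwl.angular-console` are constructed or assumed values.

```python
"""Added example (not the article's or GitHub's code): compare a machine's
VS Code extensions against a team allowlist using the `publisher.name@version`
lines printed by `code --list-extensions --show-versions`."""
import subprocess
from typing import Dict, List, Set, Tuple

# Constructed allowlist; an empty version set approves any version.
# "nrwl.angular-console" is assumed to be the Nx Console marketplace id;
# the pinned version is a placeholder, not a known-good release.
ALLOWLIST: Dict[str, Set[str]] = {
    "ms-python.python": set(),
    "nrwl.angular-console": {"1.2.3"},
}

# Constructed sample standing in for real CLI output.
SAMPLE_OUTPUT = """ms-python.python@2024.4.1
nrwl.angular-console@1.2.3
some-publisher.helper-tools@0.9.0
"""

def parse_listing(text: str) -> List[Tuple[str, str]]:
    """Turn 'publisher.name@version' lines into (id, version) pairs; ids are
    lower-cased (marketplace ids are case-insensitive), a missing version is ''."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        entries.append((ext_id.lower(), version) if sep else (line.lower(), ""))
    return entries

def audit(entries: List[Tuple[str, str]], allowlist: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Flag extensions that are not allowlisted or not at an approved version.
    The version pin is what catches a trojanized release of a known extension."""
    findings = []
    for ext_id, version in entries:
        if ext_id not in allowlist:
            findings.append((ext_id, version, "not on allowlist"))
        elif allowlist[ext_id] and version not in allowlist[ext_id]:
            findings.append((ext_id, version, "unapproved version"))
    return findings

def installed_listing() -> str:
    """Query the local VS Code CLI (needs `code` on PATH); not called by default."""
    return subprocess.run(["code", "--list-extensions", "--show-versions"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for ext_id, version, reason in audit(parse_listing(SAMPLE_OUTPUT), ALLOWLIST):
        print(f"{reason}: {ext_id}@{version}")
```

Replace `SAMPLE_OUTPUT` with `installed_listing()` to run it against a real workstation; the same comparison can be run fleet-wide by collecting that output from each machine.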

GitHub has since removed the trojanized extension from the VS Code marketplace and isolated the compromised endpoint. The company said it will publish a full incident report at a later date.

TeamPCP has been running a coordinated campaign targeting developer tooling throughout 2026. The group previously compromised Trivy, Checkmarx, Bitwarden CLI, and TanStack, the latter of which also impacted OpenAI employees via the "Mini Shai-Hulud" campaign. In each case, the attackers exploited developer tools and package managers to infiltrate downstream systems. The same pattern emerged in the European Commission breach, where TeamPCP obtained the EU executive's cloud key during an earlier Trivy compromise and stole over 90 gigabytes of data, according to The Record and Bleeping Computer.

GitHub's updated statement on May 21 linked the breach specifically to the TanStack npm supply-chain attack, revealing the employee had installed a malicious version of the Nx Console extension.

Trojanized VS Code extensions are not new. Last year, extensions with 9 million installs were pulled over security risks, and 10 more posed as legitimate tools to infect users with cryptominers. In January, two malicious AI coding assistant extensions with 1.5 million installs exfiltrated data to servers in China.

GitHub recommended that users enable two-factor authentication and add a passkey to protect their accounts against follow-on phishing attacks that leverage the breach.
