One Dodgy VS Code Extension Later, GitHub Lost 3,800 Internal Repos
GitHub has confirmed that around 3,800 of its internal repositories were compromised in a supply chain attack traced back to a single poisoned VS Code extension installed by one of its employees.
The hacking group TeamPCP claimed responsibility on Tuesday, posting about the breach on an underground forum and putting the allegedly stolen source code and internal org data up for sale at a starting price of $50,000. They initially claimed around 4,000 repositories. GitHub's own investigation, launched shortly after, put the number at roughly 3,800, close enough to be embarrassing either way.
"The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far," GitHub said in a statement, adding that it had immediately begun rotating credentials, starting with the most sensitive ones.
GitHub hasn't named the malicious extension or detailed exactly what data was sitting on the compromised machine. What it has confirmed is that the breach appears limited to internal repositories rather than user-facing infrastructure -- cold comfort, but something.
For context on how bad this attack surface actually is: VS Code extensions run with essentially unrestricted access to a developer's machine. Credentials, SSH keys, cloud tokens, the lot. Security researcher Charlie Eriksen at Aikido Security has been pointing this out for a while. Developer workstations are a goldmine, and the tooling ecosystem around them has grown far faster than anyone's ability to secure it.
TeamPCP, meanwhile, has been on a tear. Trivy, Checkmarx, Bitwarden CLI, TanStack, and now GitHub -- all hit in 2026, all through compromised developer tooling. Mackenzie Jackson from Aikido put it plainly: "A single VS Code extension on one employee's machine was enough to get access to 3,800 internal GitHub repositories. Most security teams still have zero visibility into what extensions or packages are on their developers' machines."
That visibility gap is the whole story here. It doesn't matter how locked down your cloud infrastructure is if someone on your engineering team installs a malicious extension and hands over the keys anyway. GitHub has promised a full post-incident report. Whether the industry takes the underlying lesson seriously is another question entirely.
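One concrete way to close part of that gap on a single workstation, as an added example that is not code from GitHub, Aikido or the article: inventory the VS Code extensions a machine has installed and flag anything not on an approved list. It assumes VS Code's `~/.vscode/extensions/extensions.json` manifest stores each extension as an object with an `identifier.id` of the form `publisher.name` and a `version`; the allowlist contents and the sample manifest are constructed, and the field names are assumptions to verify against your own installs.

```python
import json
from pathlib import Path

# Constructed allowlist: publisher.name ids the org has reviewed.
APPROVED_IDS = {"ms-python.python", "esbenp.prettier-vscode"}
# Publishers trusted wholesale, even for ids not yet reviewed.
APPROVED_PUBLISHERS = {"ms-vscode"}

def audit_manifest(manifest_text, approved_ids=APPROVED_IDS,
                   approved_publishers=APPROVED_PUBLISHERS):
    """Return (approved, unapproved) lists of 'id@version' strings.

    Entries without a parsable id are reported as unapproved, so a
    malformed or tampered manifest never silently passes the audit."""
    try:
        entries = json.loads(manifest_text)
    except json.JSONDecodeError:
        return [], ["<unparsable manifest>"]
    if not isinstance(entries, list):
        return [], ["<unexpected manifest shape>"]
    approved, unapproved = [], []
    for entry in entries:
        ident = entry.get("identifier") if isinstance(entry, dict) else None
        ext_id = str((ident or {}).get("id", "")).lower()
        version = entry.get("version", "?") if isinstance(entry, dict) else "?"
        label = f"{ext_id or '<missing id>'}@{version}"
        publisher = ext_id.split(".", 1)[0] if "." in ext_id else ""
        if ext_id and (ext_id in approved_ids or publisher in approved_publishers):
            approved.append(label)
        else:
            unapproved.append(label)
    return approved, unapproved

def audit_workstation(ext_dir=None):
    """Audit the local manifest; an absent file yields an empty result."""
    manifest = Path(ext_dir or Path.home() / ".vscode" / "extensions") / "extensions.json"
    if not manifest.is_file():
        return [], []
    return audit_manifest(manifest.read_text(encoding="utf-8"))

# Constructed sample standing in for a real extensions.json.
SAMPLE_MANIFEST = json.dumps([
    {"identifier": {"id": "ms-python.python"}, "version": "2024.4.1"},
    {"identifier": {"id": "ms-vscode.cpptools"}, "version": "1.20.5"},
    {"identifier": {"id": "unknown-pub.helpful-tools"}, "version": "0.0.3"},
    {"version": "1.0.0"},  # no identifier: must be flagged, not skipped
])

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Run across a fleet (for example from an endpoint agent), the `unapproved` list is the inventory most security teams currently lack; anything on it is a review item, not proof of compromise.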
