GitHub's internal repositories were accessed without authorization via a malicious Visual Studio Code extension, with approximately 3,800 repositories affected.

On May 20, 2026, GitHub announced that an employee device had been compromised by a 'VS Code extension containing malicious code,' resulting in data from GitHub's internal repositories being transmitted externally. The attackers claim to have accessed approximately 3,800 repositories, and GitHub stated that 'the attackers' claims are largely consistent with our investigation.'
Investigating unauthorized access to GitHub-owned repositories - The GitHub Blog
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,…
— GitHub (@github) May 20, 2026
GitHub confirms breach of 3,800 repos via malicious VSCode extension
https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
A repository is a storage location for source code, configuration files, and related data used in development. GitHub's internal repositories are the ones GitHub itself uses for its own development and operations. According to GitHub, the data that appears to have been exfiltrated is limited to these internal repositories, and there is no evidence that customer data stored elsewhere, such as corporate accounts, organizations, or repositories owned by GitHub users, was affected. However, because some internal repositories may contain customer information, such as excerpts of support responses, GitHub states that customers will be notified through its normal incident response channels if any impact is found.
The entry point for the attack was an extension for Microsoft's code editor, 'Visual Studio Code (VS Code).' VS Code extensions add features such as code completion, framework support, and cloud integration, and can be deeply integrated into a developer's working environment. Extensions run in the editor's extension host process with the same user privileges as the editor itself and no permission model, so if malicious code is embedded in an extension, tokens, SSH keys, cloud credentials, and configuration files on the developer's machine are all within its reach.
GitHub says it detected and contained the compromise of the employee device on May 18, 2026. It removed the affected extension version, isolated the compromised devices, and began incident response. Between May 18 and May 19, 2026, GitHub states that it prioritized high-impact credentials and rotated secrets, the sensitive values used for service integration and authentication.
Although the official GitHub blog does not explicitly name the extension, it links to a security advisory for Nx Console titled 'Compromised Nx Console version 18.95.0' as the 'VS Code extension containing malicious code.' According to the Nx Console advisory, the affected version is 18.95.0 and the fixed version is 18.100.0. The malicious version was reportedly available on the Visual Studio Marketplace for about 18 minutes and on OpenVSX for about 36 minutes.

The Nx Console advisory explains that the malicious extension attempted to collect credentials from disk and memory. Targets included GitHub tokens, npm tokens, AWS credentials, HashiCorp Vault, Kubernetes and 1Password credentials, private keys, connection strings, and Docker and GCP credentials. The collected data was reportedly exfiltrated over HTTPS, via the GitHub API, and over DNS. The latter two channels are worth noting: traffic to api.github.com and outbound DNS queries are routinely allowed by egress controls that would block an unknown HTTPS destination.
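Given the short exposure window and the exact version named in the advisory, the first thing a practitioner wants is a way to check whether the compromised build ever landed on a machine. The following is an added example, not code from the article, from GitHub, or from the Nx Console project. It walks a VS Code extensions directory, reads each extension's package.json, and classifies installed copies of Nx Console against the advisory's affected version (18.95.0) and fixed version (18.100.0). Assumptions not stated on the page: the extension's marketplace identifier is `nrwl.angular-console`, VS Code lays out installed extensions as `<extensions dir>/<publisher>.<name>-<version>/package.json`, and the default extension directories listed in `default_extension_dirs` are those used by VS Code, VS Code Insiders and VSCodium. The sample extension tree built by `build_sample_tree` is constructed for the demonstration.

```python
"""Check a VS Code extensions directory for the compromised Nx Console release.

Added example; not part of the original article or of the Nx Console project.
Assumptions (not stated on the page): Nx Console's extension identifier is
nrwl.angular-console, and VS Code installs each extension under
<extensions dir>/<publisher>.<name>-<version>/package.json.
"""
import json
import tempfile
from pathlib import Path

MALICIOUS_VERSIONS = {"18.95.0"}    # affected version, per the Nx Console advisory
FIXED_VERSION = "18.100.0"          # fixed version, per the Nx Console advisory
TARGET_ID = "nrwl.angular-console"  # assumption: Nx Console's marketplace identifier


def parse_version(v):
    """Turn '18.100.0' (or '18.100.0-beta') into a comparable tuple; non-numeric parts become 0."""
    core = v.split("-")[0].split("+")[0]
    return tuple(int(p) if p.isdigit() else 0 for p in core.split("."))


def installed_extensions(ext_dir):
    """Yield (identifier, version, path) for every extension folder with a readable package.json."""
    ext_dir = Path(ext_dir)
    if not ext_dir.is_dir():
        return
    for entry in sorted(ext_dir.iterdir()):
        manifest = entry / "package.json"
        if not manifest.is_file():
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # corrupt or half-removed extension; nothing to classify
        publisher, name, version = data.get("publisher"), data.get("name"), data.get("version")
        if not (publisher and name and version):
            continue
        yield f"{publisher}.{name}".lower(), version, entry


def assess(ext_dir, target_id=TARGET_ID):
    """Classify every installed copy of the target extension found under ext_dir."""
    findings = []
    for ident, version, path in installed_extensions(ext_dir):
        if ident != target_id:
            continue
        if version in MALICIOUS_VERSIONS:
            status = "COMPROMISED"
        elif parse_version(version) >= parse_version(FIXED_VERSION):
            status = "fixed"
        else:
            status = "not-flagged"  # below the fix but not named in the advisory
        findings.append({"version": version, "status": status, "path": str(path)})
    findings.sort(key=lambda f: parse_version(f["version"]))
    return findings


def default_extension_dirs():
    """Assumed default extension locations for VS Code, VS Code Insiders and VSCodium."""
    home = Path.home()
    return [home / ".vscode" / "extensions",
            home / ".vscode-insiders" / "extensions",
            home / ".vscode-oss" / "extensions"]


def build_sample_tree(root):
    """Constructed sample data: extension folders laid out as VS Code would create them."""
    samples = [("nrwl", "angular-console", "18.95.0"),
               ("nrwl", "angular-console", "18.100.0"),
               ("ms-python", "python", "2026.4.0")]
    for publisher, name, version in samples:
        d = Path(root) / f"{publisher}.{name}-{version}"
        d.mkdir(parents=True)
        (d / "package.json").write_text(
            json.dumps({"publisher": publisher, "name": name, "version": version}))
    broken = Path(root) / "broken.ext-1.0.0"   # exercises the corrupt-manifest skip path
    broken.mkdir()
    (broken / "package.json").write_text("{not json")


def demo():
    """Run the check against the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return assess(tmp)


if __name__ == "__main__":
    for d in default_extension_dirs():
        for f in assess(d):
            print(f"{f['status']:12} {f['version']:10} {f['path']}")
    print(demo())
```

The check only proves presence of the extension folder at the time it is run; an extension that was installed, auto-updated and cleaned up within the 18-to-36-minute window leaves no folder behind, so a negative result should be paired with editor and proxy logs for that window, and any machine that did have 18.95.0 installed should have every credential class the advisory lists treated as exposed and rotated.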
According to BleepingComputer, a group calling itself 'TeamPCP' claimed on the cybercrime forum 'Breached' to have accessed GitHub's source code and 'approximately 4,000 private code repositories,' and offered the stolen data for sale for at least $50,000 (approximately 8 million yen). GitHub has not publicly attributed the attack and has not confirmed that TeamPCP is responsible.
TeamPCP has previously been linked in reporting to supply chain attacks targeting developer platforms and open-source package distribution channels. A supply chain attack does not hit its final target directly; it abuses trusted components of the development and distribution process, such as development tools, dependencies, editor extensions, and CI/CD configuration. Because developers use VS Code extensions daily and an extension runs with the developer's own access, extensions are a convenient stepping stone to credentials and internal code.
GitHub says it is continuing to analyze logs, verify that secret rotations took effect, and monitor for further suspicious activity, and will publish a more detailed report once its investigation is complete. GitHub states that 'if any customer impact is found, we will contact customers through our standard incident response and notification channels.'
in Web Service, Security, Posted by log1d_ts