Microsoft-owned GitHub confirms breach, says it is investigating TeamPCP’s claim of accessing nearly 4,000 internal repositories: Here is what happened

On 20th May (local time), Microsoft-owned code hosting platform GitHub confirmed that it is investigating unauthorised access to its internal repositories after a hacking group known as TeamPCP claimed that it had stolen source code and internal organisation data from the platform. The group has reportedly put the allegedly stolen data on sale on a cybercrime forum for over $50,000.

In a statement, GitHub stated that it has no evidence so far that customer information stored outside its internal repositories has been affected. This means that customer enterprises, organisations and repositories are not believed to have been accessed at this stage. However, the company added that it is closely monitoring its systems for any further suspicious activity.

How the breach happened

According to GitHub, it detected and contained a compromised employee device. The company said the device was infected through a poisoned Microsoft Visual Studio Code extension. Such extensions are commonly used by developers to add features to their coding software. However, in this case, one malicious version appeared to have been used to gain access to its systems.

After the company detected the compromise, the malicious extension version was removed and the affected device was isolated. The company then began its incident response process. GitHub also replaced important secrets and credentials to reduce the risk of further misuse.

TeamPCP claims data is for sale

The hacker group TeamPCP has claimed that it accessed around 4,000 private repositories linked to GitHub’s main platform. The company later stated that the hacker’s claim of nearly 3,800 repositories was “directionally consistent” with its own investigation so far.

The group reportedly said that the stolen data was not part of a ransom demand and that it would sell it to one buyer or leak it for free if no buyer is found. It has also claimed that it can provide samples to serious buyers to prove authenticity.

Why the incident matters

GitHub hosts the source code for a large part of the world’s software ecosystem. If internal source code falls into the hands of hackers, they may try to study it to find weaknesses that can be misused later.

TeamPCP has also been linked to attacks targeting open-source software packages. GitHub said it will notify customers through its official channels if any impact is found. The company has also said that it will publish a fuller incident report once its investigation is complete.