GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

GitHub confirmed a breach involving 3,800 internal repositories, with hackers claiming access to its source code and demanding $50,000 for the stolen data. The attack originated from a malicious VS Code extension installed by an employee, with GitHub rotating critical secrets but facing accusations of delayed disclosure from the hacking group TeamPCP.

GitHub has confirmed a security breach affecting 3,800 repositories, all internal to the company, following an investigation triggered on May 19. The hackers, TeamPCP, claim access to GitHub’s source code and internal organizational data, stating their demands are for a $50,000 sale rather than ransom. The breach began after a GitHub employee installed a malicious Visual Studio Code extension, compromising their device.

GitHub’s spokesperson said the company took swift action, including rotating critical secrets, but TeamPCP accused the company of delaying disclosure. The hacking group posted a for-sale notice on a dark web forum, warning that data would be leaked for free if no buyer is found. TeamPCP’s leader, identified as 'box turtle,' claimed GitHub withheld information for hours and vowed future transparency would be lacking. The group emphasized they are not holding GitHub to ransom but are seeking a single buyer before destroying the data.

GitHub reassured users that no customer information outside its internal repositories was impacted, though it continues monitoring for follow-up threats. GitHub advises users to enable two-factor authentication and add passkeys to mitigate potential phishing attacks linked to the breach. GitHub’s investigation remains ongoing, with a full report expected upon completion.

The incident underscores risks tied to third-party extensions, particularly in developer tools like VS Code. The breach highlights vulnerabilities even in widely used platforms, with potential ripple effects across the 400 million repositories hosted globally. TeamPCP’s threat to leak data publicly adds urgency to the situation, though GitHub insists no external customer data was exposed. Developers are urged to remain vigilant against phishing attempts exploiting the breach, while GitHub works to contain and address the fallout.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.