Microsoft's GitHub confirmed a breach of internal repositories on May 20, 2026. The incident compromised approximately 3,800 repositories. An employee triggered the breach by installing a malicious Visual Studio (VS) Code extension. The company detected and contained the compromise, immediately isolating the affected employee's device.
The company also rotated critical credentials to secure the environment. Hacking group TeamPCP claimed responsibility for the attack. The group stated they accessed 4,000 repositories containing proprietary source code. TeamPCP is offering the stolen data for sale for over $50,000.
GitHub acknowledged the attackers' claims are directionally consistent with its investigation. No evidence currently indicates that customer data or user repositories were impacted. The company continues to monitor the situation for further developments.