GitHub says a malicious Visual Studio Code extension led to the compromise of about 3,800 internal repositories after an employee installed the bad plugin on a company device. The extension has been removed from the VS Code Marketplace and the affected machine has been isolated, but the incident is another reminder that developer tooling has become a soft target for supply chain attacks.
TeamPCP, the group claiming responsibility, says it stole source code from roughly 4,000 private GitHub repositories and is offering the data for at least $50,000. If nobody pays, the hackers say they will dump the archives for free – a familiar bluff in the extortion economy, except this time they are trying to dress it up as a fire sale.
GitHub says it has not found signs that user data outside its internal repositories was exposed. That distinction matters, but it does not make the incident small: source code, access tokens, and internal project files are exactly the kind of material attackers can later weaponize against developers, customers, and downstream services.
GitHub breach shows the risks of VS Code extensions
This is not a one-off. VS Code extensions have become a popular route for attackers because they sit close to the tools developers trust most, and Microsoft has repeatedly had to pull malicious plugins from the marketplace. Those plugins have ranged from crypto miners to crude ransomware, which tells you everything about how broken the incentive structure is.
TeamPCP is also not a new name in this ecosystem. The group has previously been linked to attacks involving PyPI, npm, and Docker-related targets, and it was tied to the Mini Shai-Hulud campaign that affected people at companies including OpenAI. In other words, this is a crew with a habit of following the software supply chain wherever the keys are easiest to steal.
Why GitHub is such a tempting target
The scale alone explains the appeal. GitHub says it serves more than 180 million developers and 4 million organizations, including 90% of companies in the Fortune 100. That kind of reach means a compromise inside the platform can echo far beyond one corporate network, especially when the stolen material includes internal code and credentials.
For GitHub, the immediate damage may be contained. For everyone else, the lesson is less comforting: one sloppy extension install can turn a routine workstation into a gateway, and the industry still relies on developers to spot that risk before an attacker does.
What happens next for the stolen code
If TeamPCP can find a buyer, the code likely stays private long enough to be quietly reused in follow-on attacks. If it cannot, the public leak threat gives defenders a short and unpleasant window to rotate secrets, review exposed repositories, and hunt for anything that should never have left GitHub in the first place.