India, May 21 -- GitHub has confirmed a major data breach affecting approximately 3,800 internal code repositories after a hacker group successfully compromised an employee's device. The Microsoft-owned company disclosed that the infiltration was carried out via a poisoned Visual Studio (VS) Code extension.

We are investigating unauthorized access to GitHub's internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely.

- GitHub (@github) May 19, 2026

The cybercrime group TeamPCP (also tracked as UNC6780) has claimed responsibility for the attack. They are currently marke...