
GitHub probes breach claims from TeamPCP over 4,000 repos

GitHub investigates – GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed it accessed about 4,000 repositories of private code. GitHub says it has found no evidence that customer data stored outside its internal repositories—such as

A warning message went up on a hacking forum, and within hours GitHub was forced back into investigation mode.

The TeamPCP hacker group claimed it had accessed GitHub’s internal repositories containing private code—roughly 4,000 repositories. The group said the trove included “Github’s source code and internal orgs” and asked for at least $50,000 to sell the material, promising to send samples to buyers to “verify the absolute authenticity.”

GitHub, a cloud-based development platform used by more than 4 million organizations—covering 90% of the Fortune 100—has said it is investigating unauthorized access to its internal repositories. In its response, the company told MISRYOUM it currently has no evidence that customer data stored outside its internal repositories has been affected, including data held by customers’ enterprises, organizations, and repositories.

The company said it is closely monitoring its infrastructure for any follow-on activity. If evidence of impact is discovered, GitHub said all affected customers will be alerted through established notification and incident response channels.

TeamPCP’s post carried the tone of someone setting a price and a clock. It said it was not a ransom attempt and claimed it did not care about “extorting” GitHub. The group wrote that if no buyer was found, it would “leak it free,” while adding: “We shred the data on our end.”

The company hasn’t released further details about what the investigation has found so far.

This isn’t the first time TeamPCP has been linked to assaults aimed at developer ecosystems. The hacker group has previously been associated with supply chain attacks targeting multiple developer code platforms, including GitHub, PyPI, NPM, and Docker.


In March, TeamPCP compromised Aqua Security’s Trivy vulnerability scanner. That incident is believed to have contributed to cascading compromises involving Aqua Security Docker images and the Checkmarx KICS project.

The Trivy breach also affected the LiteLLM open-source Python library. That attack is described as having infected tens of thousands of devices with malware called “TeamPCP Cloud Stealer,” designed to steal information.

More recently, the cybercrime gang was linked to the “Mini Shai-Hulud” supply-chain campaign, which impacted the devices of two OpenAI employees. The group also threatened to leak Mistral AI source code stolen using compromised CI/CD credentials.

Back on GitHub, the immediate question is what TeamPCP actually reached—and whether it could expand beyond internal systems. GitHub’s current position is that there is no evidence yet that customer information outside its internal repositories has been impacted. It is still monitoring for additional activity, and any impact discovered would trigger customer notifications through its established incident response channels.

For developers and companies that rely on GitHub as a daily workspace, the stakes are simple even when details are scarce: internal repository access is not just a technical breach—it’s a potential doorway into trust, tooling, and the software supply chain that sits on top of it.


4 Comments

  1. I don’t even understand how 4,000 repos is like, huge or not. If it’s internal code, that can still mess people up right?

  2. Wait the article says “no evidence customer data outside internal repos” but then also says customers enterprises and orgs?? That sounds like customer data to me, unless I’m reading it wrong.

  3. TeamPCP says “not ransom” but also asks for $50,000 and threatens to leak it free… that’s literally ransom vibes. Also “we shred the data” like that makes it ok lol.
