Skip to content

How it took 11 minutes, employee access to breach GitHub; CZ reacts

GitHub confirms breach incident, staff involvement reported
Share this article

Microsoft-owned GitHub, on Wednesday, said that it has been hit by a data breach incident, impacting an estimated 3,800 of its internal code repositories. In a post on X, GitHub confirmed it fell victim to a supply chain attack after hackers from the infamous TeamPCP group. The attackers used a poisoned VS Code extension to compromise a HitHub employee’s device, obtaining credentials needed to access around 3,800 of GitHub’s internal code repositories.

“We removed the malicious extension version, isolated the endpoint, and began incident response immediately. We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity,” GitHub said on X, claiming that further investigation in the case is underway.

Highlights from GitHub’s exploit so far

TeamPCP has claimed responsibility of the GitHub breach on underground dark web sites. Screenshots surfacing on X show that the supply-chain attackers have put up GitHub’s source code and other internal codes for sale. As of now, GitHub has not disclosed if it has been met with any ransom demand from the attackers.

“We are here today to advertise Github’s source code and internal orgs for sale. No low ball offers will be accepted, everything for the main platform is there and I very am happy to send samples to interested buyers to verify the absolute authenticity. There is a total of around -4,000 repos of private code here,” the financially motivated cybercrime group is circulating in its offer.

Independent breach researcher who goes by the username @DarkWebInformer has sounded an alert that the exposed codes could spike the risk of reviews by other threat actors resulting in the identification of vulnerabilities and a flurry of subsequent attacks.

“Status: This remains an unverified underground forum claim. The actor states this is not a ransom attempt and claims the data may be leaked publicly if no buyer is found,” the researcher noted.

Security risks spiked for broader tech ecosystem

Launched in April 2008 and acquired by Microsoft in 2018 for $7.5 billion, GitHub is touted as the largest host of source code in the world that reportedly houses over 630 million code repositories that is tapped by over 180 million global developers to create software. Just last week, Elon Musk said that the latest algorithm of X was published on GitHub.

The breach of GitHub has sent shockwaves through the broader tech and Web3 ecosystem.

Binance founder Changpeng Zhao (CZ) took to X to advise all developers from the crypto community to immediately rotate their API keys and secrets — because if threat actors were to uncover hardcoded API keys concealed within the stolen repositories, they could bypass primary security perimeters entirely and swiftly drain platform assets or user funds.

Similar alerts are being issued by other tech founders and leaders on social media highlighting the seriousness of the situation.

Over the last few years, GitHub has repeatedly found itself targeted by hackers. In late 2024, Microsoft Threat Intelligence discovered that hackers managed to compromise over a million GitHub-visiting devices worldwide via information-stealing malware like LummaStealer.

The threats against the platform only intensified last year when around September the “GhostAction” campaign allowed supply-chain attackers to compromised hundreds of developer accounts to inject malicious code directly into automated GitHub Actions workflows.

In light of these rising threat attacks against GitHub, the platform recently designed an AI-fueled structural security roadmap. The strategy is centered around secure-by-default behaviour and stronger policy enforcement.

As of now, GitHub has no evidence of TeamPCP’s attack impact on customer information stored outside of its internal repositories. It said it is continuing with its investigation and will share more updates moving forward.

About The Coin Headlines

The Coin Headlines strives to bring trust into crypto media. At a time when every soundbite and headline can move the markets from red to green and vice-versa, The Coin Headlines promises to bring verified, credible and timely news and analysis from the world of crypto, blockchain, Web3, tech and markets. Founded in 2026, The Coin Headlines is based in the UAE with a team of experienced journalists and editors covering breaking news and updates from around the world.

From covering the biggest events to interviewing some of the most popular KOLs in the industry, The Coin Headlines keeps you informed of the latest trends and insights.

At The Coin Headlines our focus is clear: Real-time news updates, market movements, whale transfers, macroeconomic trends, tech and AI and geopolitical breaking news. The news we report goes through a strict editorial audit before its published to ensure the readers only get verified and credible information. We realize the world of crypto is dynamic, volatile, and many times, confusing. At The Coin Headlines we break down these complex issues into simple articles which cater to not just the experienced trader but also the student and first-time investor who wants to understand the space before committing to it.