GitHub Security Breach Exposes Thousands of Internal Repositories
GitHub has confirmed a significant security incident involving unauthorized access to approximately 3,800 internal code repositories. The platform, owned by Microsoft, stated that the breach originated from a compromised employee device, which was infected via a malicious Visual Studio Code extension. While the investigation remains active, the company has indicated that there is currently no evidence suggesting that customer data stored outside of these specific internal repositories was impacted.
The incident highlights a growing trend in cyberattacks where malicious actors target widely used open-source tools and plugins to gain entry into secure development environments. By compromising popular extensions, hackers can effectively infiltrate the systems of developers and organizations on a massive scale. Although GitHub has not publicly identified the specific extension used in this attack, the breach has drawn attention to the vulnerabilities inherent in the software supply chain.
Reports suggest that a hacking group known as TeamPCP has claimed responsibility for the intrusion and is allegedly attempting to sell the stolen data on cybercrime forums. This group has previously been linked to other high-profile breaches, including the theft of sensitive data from the European Commission. The incident follows a pattern of similar supply chain attacks, such as the recent compromise of the TanStack platform, which was used to distribute malware aimed at stealing developer credentials and authentication tokens.