GitHub's source code is allegedly up for sale online. (Representational image made with AI)

GitHub suffers breach in internal code, hackers claim they have source code for sale

GitHub's source code is allegedly on sale online. Hackers claim that they will release it for free if they don't find a buyer soon. The Microsoft-owned platform has confirmed that it is investigating the breach, but it says that no user data seems to have been compromised.

by · India Today

In Short

  • GitHub source code allegedly put on sale online
  • Hackers want over $50,000 for this data
  • GitHub is investigating the breach, says no user data breached

On Tuesday, software development platform GitHub’s source codes were allegedly put on sale online. As per reports, the threat actor behind this claims to be TeamPCP – a major online hacking group. Following TeamPCP’s claims, GitHub took to X to inform users that it was investigating a breach, but no user data was likely accessed by the threat actors.

GitHub is a Microsoft-owned platform that hosts the source code for a big portion of the world's software. Though keep in mind that at the time of writing, GitHub claims that only its own data was likely accessed.

GitHub is investigating the breach.

What was the breach?

TeamPCP claims that it breached GitHub's internal systems and got access to its proprietary organisation data and source code. That is, the code that runs the entire platform.

As per Dark Web Informer, the group is seeking more than $50,000 for the alleged dataset, which it said includes about 4,000 private repositories linked to GitHub's main platform. A repository is essentially a folder for a project that tracks every change ever made to it.

A screenshot showing TeamPCP offering the data. (Photo: Dark Web Informer)

This means that any bad actors who get access to this data can likely find new cybersecurity flaws in GitHub’s code which can be exploited.

Who was behind the breach?

TeamPCP, formally tracked by the Google Threat Intelligence Group as UNC6780, is often described as a financially motivated threat group linked to software supply chain attacks targeting open-source packages.

Earlier in 2026, the group was tied to attacks involving the Trivy Vulnerability Scanner, Checkmarx and LiteLLM.

The group also claimed that it would put the data online for free if it doesn’t get a buyer. TeamPCP said in its post: "As always, this is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free."

TeamPCP claims that they may even put the data online for free. (Photo: Dark Web Informer)

The group has also published a public file list and screenshots showing repository archive names, and said it is willing to provide samples to serious buyers to prove authenticity.

GitHub says no user data compromised

On X, GitHub confirmed that there had been unauthorised access to its internal repositories. The company added, "While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organisations, and repositories), we are closely monitoring our infrastructure for follow-on activity."

GitHub also said it would notify customers through its established incident response and notification channels if any impact is discovered.

In a follow-up update on X, GitHub said it had detected and contained a compromise of an employee device involving a poisoned Microsoft Visual Studio Code extension. The company added, “We removed the malicious extension version, isolated the endpoint, and began incident response immediately.”

GitHub stated that one employee device was compromised.

The Microsoft-owned platform further stated, “The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.” That is, it is likely that around 3,800 repositories were accessed. GitHub has stated that it will publish a “fuller report” once the investigation is complete.

This account is believed to be linked to TeamPCP.

Following the incident, an X account linked to TeamPCP said,"GitHub knew for hours, they delayed telling you and they won't be honest in the future. What an amazing run, it's been an honour to play around with the cats over the past few months."

- Ends

Vercel hacked, hacker using ShinyHunters name to sell data for $2 millionVercel, a cloud platform that hosts and deploys web apps, was recently compromised in a cyberattack stemming from an AI tool. The company says that no sensitive data was accessed after hackers claimed to be selling Vercel customer data online. Vercel has clients such as OpenAI, Cursor, Bose, and Pinterest.Armaan Agarwal, 20 Apr 2026Viral audio clip claims Zuckerberg tracked employees to replace them with AI at MetaA leaked audio allegedly featuring Mark Zuckerberg discussing employee tracking for AI training has surfaced as Meta begins laying off nearly 8,000 employees worldwide.Om Gupta, 20 May 2026Meta layoffs begin, employees wake up to 4 am email, 8,000 jobs on the lineMeta has reportedly begun laying off workers globally, with around 8,000 employees expected to be impacted. As per reports, the company sent emails to affected employees in its Singapore hub at 4 am on Wednesday.Armaan Agarwal, 20 May 2026