Hackers increasingly using VS Code extensions

The TeamPCP hacker group on the Breached cybercrime forum claimed it had gained access to nearly 4,000 private GitHub repositories via the breach.

GitHub has officially confirmed, via an X post today, that thousands of its internal repositories were breached after an employee’s device was compromised through a malicious Visual Studio Code extension.

The group alleged that it had exfiltrated internal source code and other private data, and stated that it was seeking at least $50,000 from potential buyers for the stolen material. “This is not a ransom,” the group wrote in its post, adding that it intended to sell the data rather than extort GitHub directly, and threatening to leak the repositories publicly if no buyer emerged.

TeamPCP has previously been linked to several high-profile campaigns involving platforms such as GitHub, PyPI, npm, and Docker. At the same time, malicious VS Code extensions have repeatedly surfaced in recent years as an increasingly effective vector for breaches and malware delivery.
