#NEARMarketCapExceedsThreeBillion GitHub has officially confirmed that a security breach compromised roughly 3,800 of its internal repositories. The platform detected the unauthorized access on its infrastructure, which occurred after a developer's device was infected with malware through a poisoned Visual Studio Code extension.

The Microsoft-owned platform stated that the exfiltration was strictly limited to GitHub-internal repositories, which typically hold internal infrastructure configurations, code tools, and deployment scripts. Crucially, officials emphasized that there is currently no evidence suggesting that customer data or external corporate repositories were impacted by the leak.

The notorious cybercrime group known as TeamPCP has claimed responsibility for the supply chain attack and has listed the stolen data for sale on a prominent hacking forum. In response, GitHub immediately isolated the affected employee endpoint, removed the malicious extension, and rotated critical security secrets overnight to mitigate further risks.