Update May 20: GitHub has since confirmed unauthorized access to approximately 3,800 internal repositories following a compromise involving a malicious VS Code extension installed on an employee device. The company stated there is currently no evidence customer repositories or customer data were impacted.
A forum user claiming affiliation with the TeamPCP threat group has posted an alleged sale listing for thousands of internal GitHub repositories and source code files purportedly stolen during a recent intrusion tied to the broader Mini Shai-Hulud supply chain campaign.
In a post published on May 20, the actor claimed to possess approximately 4,000 private repositories allegedly belonging to GitHub’s internal environment. The user stated the archive contains “everything for the main platform” and threatened to publicly leak the data if no buyer is found.
The claims surfaced shortly before GitHub publicly confirmed that attackers accessed approximately 3,800 internal repositories after an employee device was compromised through a malicious VS Code extension linked to the ongoing Mini Shai-Hulud supply chain campaign.
GitHub stated there is currently no evidence customer repositories, customer data, or production systems were impacted during the intrusion.
The forum post also included multiple screenshots purportedly showing internal GitHub repository listings, enterprise configuration files, and Ruby application components allegedly tied to GitHub platform infrastructure.
GitHub confirms internal repository compromise
According to GitHub’s public statement, the intrusion originated from a malicious Visual Studio Code extension installed on an employee device. The company said the compromise allowed attackers to access a limited portion of GitHub’s internal environment, including thousands of internal repositories.
GitHub did not confirm the authenticity of the repository archive advertised in the forum post or verify the actor’s claim that approximately 4,000 repositories were exfiltrated. However, the company reportedly stated the actor’s claims were “directionally consistent” with findings from its ongoing investigation.
The alleged seller claimed the archive contains internal platform source code and organization repositories associated with GitHub’s core infrastructure.
According to screenshots shared in the listing, the alleged repository archive references GitHub enterprise functionality and internal security tooling tied to secret scanning, Dependabot integrations, GitHub Actions workflows, organization policy systems, Copilot-related functionality, and repository security management.
The screenshots also appeared to show internal Ruby application files associated with workflow management, enterprise administration tooling, billing systems, and organization-level configuration logic.
BreachNews has not independently verified the authenticity of the alleged source code or confirmed the scope of any data exfiltration.
Incident tied to wider Mini Shai-Hulud campaign
The GitHub intrusion emerged amid the rapidly expanding Mini Shai-Hulud campaign targeting developer infrastructure, CI/CD environments, npm ecosystems, and software supply chains.
BreachNews previously reported that OpenAI confirmed an internal breach linked to the Mini Shai-Hulud supply chain attack after attackers compromised employee devices and accessed limited internal repositories.
The broader campaign has also been associated with malicious package publishing activity affecting projects connected to Mistral AI, AntV, UiPath, OpenSearch, and other widely used developer ecosystems.
The actor behind the alleged GitHub repository sale specifically referenced prior reporting surrounding the Lightning AI repository leak tied to the PyTorch Lightning incident and claimed the screenshots could be authenticated through connections to previously disclosed TeamPCP-linked activity.
BreachNews also previously covered the broader Mini Shai-Hulud malware campaign targeting CI/CD infrastructure and npm ecosystems.