Update May 21: GitHub has confirmed unauthorized access to approximately 3,800 internal repositories following a compromise involving a malicious version of the Nx Console Visual Studio Code extension installed on an employee device. The company stated there is currently no evidence customer repositories, customer data, or production systems were impacted.
A forum user claiming affiliation with the TeamPCP threat group has posted an alleged sale listing for thousands of internal GitHub repositories and source code files purportedly stolen during a recent intrusion tied to the broader Mini Shai-Hulud supply chain campaign.
In a post published on May 20, the actor claimed to possess approximately 4,000 private repositories allegedly belonging to GitHub’s internal environment. The user stated the archive contains “everything for the main platform” and threatened to publicly leak the data if no buyer is found.
GitHub publicly confirmed the breach after investigating claims that attackers accessed internal repositories through a compromised employee device infected via the malicious Nx Console extension distributed during the TanStack-related supply chain attack.
The forum post also included multiple screenshots purportedly showing internal GitHub repository listings, enterprise configuration files, and Ruby application components allegedly tied to GitHub platform infrastructure.
GitHub confirms internal repository compromise
According to GitHub’s public statements, the intrusion originated from a malicious version of the Nx Console Visual Studio Code extension installed on an employee device. The company said the compromise allowed attackers to access a limited portion of GitHub’s internal environment, including thousands of internal repositories.
GitHub stated there is currently no evidence customer repositories, customer data, or production systems were impacted during the intrusion.
The company also said it rotated critical secrets and credentials following the incident and continues monitoring for follow-on activity tied to the compromise.
GitHub did not confirm the authenticity of the repository archive advertised in the forum post or verify the actor’s claim that approximately 4,000 repositories were exfiltrated. However, the company reportedly described the actor’s claims as “directionally consistent” with findings from its ongoing investigation.
The alleged seller claimed the archive contains internal platform source code and organization repositories associated with GitHub’s core infrastructure.
According to screenshots shared in the listing, the alleged repository archive references GitHub enterprise functionality and internal security tooling tied to secret scanning, Dependabot integrations, GitHub Actions workflows, organization policy systems, Copilot-related functionality, and repository security management.
The screenshots also appeared to show internal Ruby application files associated with workflow management, enterprise administration tooling, billing systems, and organization-level configuration logic.
BreachNews has not independently verified the authenticity of the alleged source code or confirmed the scope of any alleged data exfiltration.
Incident tied to wider Mini Shai-Hulud campaign
The GitHub intrusion emerged amid the rapidly expanding Mini Shai-Hulud campaign targeting developer infrastructure, CI/CD environments, npm ecosystems, and software supply chains.
BreachNews previously reported that OpenAI confirmed an internal breach linked to the Mini Shai-Hulud supply chain attack after attackers compromised employee devices and accessed limited internal repositories.
The broader campaign has also been associated with malicious package publishing activity affecting projects connected to Mistral AI, AntV, UiPath, OpenSearch, and other widely used developer ecosystems.
The actor behind the alleged GitHub repository sale specifically referenced prior reporting surrounding the Lightning AI repository leak tied to the PyTorch Lightning incident and claimed the screenshots could be authenticated through connections to previously disclosed TeamPCP-linked activity.
BreachNews also previously covered the broader Mini Shai-Hulud malware campaign targeting CI/CD infrastructure and npm ecosystems.