GitHub probes alleged breach of 4,000 internal repositories
TeamPCP is previously been known to attack the developer ecosystem, including platforms like PyPI, npm, and Docker
GitHub is investigating a security breach after the cybercrime group TeamPCP claimed to have accessed approximately 4,000 private repositories containing the platform's internal source code.
The group posted the alleged stolen data for sale on the Breached hacking forum Tuesday, demanding a minimum of $50,000 for a single buyer, with a threat to release everything for free if no offer materialises.
GitHub investigates internal repository breach.
In a statement posted on X, GitHub said it is investigating “unauthorised access” to its internal repositories. The company added that it has found no evidence so far that customer data outside those systems has been affected, including enterprise environments and public or private user repositories.
GitHub stated that it is monitoring its infrastructure for any further attacks and will inform any customer if there is any risk involved.
TeamPCP, a hacking group, was identified as being responsible for this attack on a cybercrime forum, where it claims to have gained access to nearly 4,000 private repositories. It says that it requires at least $50,000 from a buyer, as it has source code as well as organisational information.
The hackers offered the data for sale as a one-time transaction, after which they would either destroy the data or publish it publicly if no buyer were found.
TeamPCP has previously been known to attack the developer ecosystem, including platforms like PyPI, npm, and Docker.
In March, TeamPCP was also linked with hacking the Trivy scanner from Aqua Security, and this resulted in hacks that compromised container images and open-source software. This attack is said to have distributed malware among tens of thousands of devices.
Security professionals state that hacks that involve internal repositories may have significant ramifications if source code or credentials are stolen. GitHub, an organisation that is utilised by more than four million organisations, most of which are Fortune 100 firms, is key in software development across the globe.
-
OpenAI eyes major Ohio data center deal with Nvidia support -
Why Anthropic’s Mythos-class Claude Fable 5 refuses to answer basic biology questions -
Verizon outage leaves thousands without mobile service -
Musk's xAI, SpaceX face legal action over data center 'nuisance' -
Anthropic rolls out Mythos-like AI model 'Claude Fable 5' without cybersecurity -
EU orders Meta to allow free WhatsApp access for rival AI chatbots -
Apple’s new ‘Siri AI’ tool fails to meet EU regulatory requirements -
Anthropic to release Mythos AI publicly on June 9: Reports
-
OpenAI reveals plan to bring personal AGI to every human -
Elon Musk assures investors that AI satellites will use existing technology ahead of SpaceX IPO
-
SpaceX launches AI1 orbital satellite to power space data centers ahead of $75B IPO
-
Apple rolls out new 'Siri AI' at WWDC 2026 powered by Apple's intelligence
