GitHub is investigating a breach of internal repositories claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the hacker group TeamPCP said it accessed nearly 4,000 repositories containing private code.
GitHub’s cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and more than 180 million developers who contribute to more than 420 million pieces of code.
The company has yet to share more information about the investigation, but said it currently has no evidence that customer data stored outside of internal repositories has been affected.
“We are investigating unauthorized access to GitHub’s internal repositories,” GitHub told BleepingComputer when asked for more details.
“While we currently have no evidence of an impact on customer information stored outside of GitHub’s internal repositories (such as our customers’ businesses, organizations, and repositories), we are closely monitoring our infrastructure for future work.”
GitHub also said that all affected customers will be notified through its established notification and incident response channels if evidence of such an impact is found.
TeamPCP claimed access to “Github source code and internal orgs” on the Breached hacking forum on Tuesday, asking for at least $50,000.
“No low ball offers will be accepted, everything for the main platform is there and I am more than happy to send samples to interested buyers to ensure complete authenticity. There are a total of ~4,000 private code repos here,” they said.
“As usual this is not a ransom, We don’t mind scamming Github, 1 buyer and split the details at the end, it looks like our retirement is coming soon so if no buyer can be found we will release it for free. If you are interested. Send your offer on the social media below, we are not interested under 50k, the best offer we will get.”
TeamPCP has previously been linked to supply chain attacks targeting multiple developer code platforms, including GitHub, PyPI, NPM, and Docker.
In March, the hacker group also compromised Aqua Security’s Trivy scanner, which is believed to have led to vulnerabilities affecting Aqua Security Docker images and the Checkmarx KICS project.
The Trivy breach also affected the LiteLLM open source Python library in an attack that infected tens of thousands of devices with the “TeamPCP Cloud Stealer” information-stealing malware.
Recently, the cybercriminal group was also linked to the “Mini Shai-Hulud” supply chain campaign (which affected the machines of two OpenAI employees) and threatened to leak Mistral AI source code stolen using compromised CI/CD credentials.




