GitHub is investigating a security breach involving its internal repositories after a hacker group known as TeamPCP claimed it had accessed around 4,000 private repositories containing internal code.
GitHub, which is used by more than 4 million organizations, including 90 percent of the Fortune 100, and over 180 million developers worldwide, has not yet shared full details about the incident. However, the company said it currently has no evidence that customer data stored outside its internal repositories has been affected.
“We are investigating unauthorized access to GitHub’s internal repositories,” GitHub told BleepingComputer when asked for more information.
The company added that, at this stage, it has no evidence of any impact on customer information stored outside GitHub’s internal repositories, including customer enterprises, organizations, and repositories. GitHub said it is closely monitoring its infrastructure for any follow-on activity.
GitHub also said it will notify affected customers through its established notification and incident response channels if it discovers any evidence of customer impact.
The breach claim appeared on the Breached hacking forum on Tuesday, where TeamPCP said it had access to “GitHub’s source code and internal orgs.” The group claimed the stolen data includes roughly 4,000 private code repositories and asked for offers of at least $50,000.
TeamPCP said it was not trying to ransom GitHub and claimed it would sell the data to one buyer before deleting its own copy. The group also threatened to leak the data for free if no buyer was found.
TeamPCP has previously been linked to supply chain attacks targeting several developer platforms and ecosystems, including GitHub, PyPI, NPM, and Docker.
In March, the group compromised Aqua Security’s Trivy vulnerability scanner, which is believed to have triggered further compromises affecting Aqua Security Docker images and the Checkmarx KICS project.
The Trivy breach also affected the LiteLLM open-source Python library in an attack that infected tens of thousands of devices with the “TeamPCP Cloud Stealer” information-stealing malware.
More recently, the cybercrime group was also linked to the “Mini Shai-Hulud” supply-chain campaign, which affected the devices of two OpenAI employees. TeamPCP also reportedly threatened to leak Mistral AI source code stolen through compromised CI/CD credentials.





