GitHub Hacked in Suspected Attack by TeamPCP


Overview

  • The hacking group TeamPCP has infiltrated GitHub.
  • The breach was facilitated by a malicious Visual Studio Code extension.
  • About 3800 private code repositories were compromised.
  • No evidence of impact on customer data stored outside GitHub's internal repositories.
  • GitHub is working with Microsoft to investigate the breach.
  • TeamPCP has a reputation for attacking software supply chains.

GitHub Breached via Malicious Extension

Microsoft-owned GitHub, a collaboration and code hosting platform, has confirmed a security breach reportedly carried out by the hacking group TeamPCP. The attackers gained access to an employee’s device through a malicious Microsoft Visual Studio Code extension, which led to the compromise of about 3800 private code repositories.

Consequences of the Breach

The compromised extension, nrwl.angular-console, has over 2.2 million downloads and was compromised on March 18, 2026. GitHub has indicated that the data exfiltration is currently limited to its internal code repositories, and it has confirmed that there is no evidence of impact on customer data stored externally.

Investigation and Response

GitHub is investigating the incident thoroughly and plans to release a detailed report. It is working with Microsoft to assess the impact of the malicious extension. GitHub has promised to inform customers through official channels if any impact on their information comes to light.

About TeamPCP

TeamPCP is a prominent threat actor known for software supply chain attacks. Its operations have targeted a variety of developer tools and open-source platforms, such as npm and PyPI. The group has notably been associated with the CanisterWorm attack, which used a novel command-and-control approach that resists conventional takedown methods.

Conclusion

The recent breach of GitHub by TeamPCP underscores ongoing weaknesses in software supply chains. Although the immediate consequences are limited to internal repositories, the event highlights the need for heightened awareness and stronger security protocols within the tech sector.

Frequently asked questions

What led to the GitHub breach?

The breach was caused by a compromised Microsoft Visual Studio Code extension, resulting in the exfiltration of private code repositories.

What is the scope of the data that was exfiltrated?

Approximately 3800 private code repositories were compromised. There is no indication of impact on external customer data.

Who is TeamPCP?

TeamPCP is a hacking collective recognized for software supply chain attacks, focusing on developer tools and open-source systems.

What is GitHub doing in response to the breach?

GitHub is investigating the incident, working with Microsoft, and plans to publish a thorough report. It will inform customers if any impact on their information is found.

Which extension was compromised?

The compromised extension is nrwl.angular-console, which has over 2.2 million installations.

Is there any effect on customer data held externally?

At present, there is no evidence suggesting that customer data outside of GitHub’s internal repositories has been compromised.

What distinguishes TeamPCP's tactics?

TeamPCP’s attacks are notable for their rapid execution and the use of new techniques, including routing traffic through decentralized Internet Computer Protocol canisters.

Posted by Matthew Miller

Matthew Miller is a Brisbane-based Consumer Technology Editor at Techbest covering breaking Australia tech news.
