Microsoft-Owned GitHub Faces Security Scare After Hackers Claim Access To Internal Systems, Threaten Public Leak Of Stolen Repositories

Microsoft Corp's (NASDAQ:MSFT) subsidiary GitHub is investigating a suspected cyberattack after the threat actor known as TeamPCP claimed to have stolen internal source code and data tied to thousands of repositories from the platform.

Alleged GitHub Breach Sparks Supply-Chain Security Concerns

The company said Tuesday it is examining reports of unauthorized access involving its internal repositories after TeamPCP allegedly listed the data for sale on a cybercrime forum.

GitHub said it currently has "no evidence of impact to customer information stored outside of GitHub's internal repositories," including enterprise, organization and customer repositories.

However, the company added that it is "closely monitoring" its systems for any additional malicious activity.

The platform also said affected customers would be notified through its standard incident response and notification channels if investigators uncover any confirmed impact.

GitHub Links Internal Breach To Malicious VS Code Extension

In a follow-up post on X, GitHub said it contained a breach linked to a compromised employee device infected through a malicious Microsoft Visual Studio Code extension.

The company said it has rotated critical secrets and secured high-priority credentials.

"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," GitHub said, adding that claims involving roughly 3,800 repositories are broadly consistent with its ongoing investigation.

TeamPCP Claims It Stole 4,000 Repositories

According to screenshots shared online by cybersecurity account Dark Web Informer, TeamPCP said that the alleged breach includes roughly 4,000 repositories and GitHub source code.

"As always, this is not a ransom," the group reportedly wrote in the post. "We do not care about extorting GitHub."

The hackers allegedly demanded at least $50,000 for the data and threatened to release it publicly if no buyer emerged.

TeamPCP has also previously been linked to attacks involving open-source software ecosystems.

Price Action: Microsoft traded at $417.42, down 1.44% in regular trading on Tuesday and slipped further to $416.78 in after-hours trading, according to Benzinga Pro.

According to Benzinga Edge Stock Rankings, MSFT is in the 93rd percentile for Quality and shows a strong positive price trend in the short to medium term, although its long-term trend remains negative.

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
