Malicious VS Code extension exfiltrates 3,800 GitHub internal repos
GitHub confirmed that an employee installed a poisoned VS Code extension, giving attackers access to roughly 3,800 internal repositories before the company isolated the endpoint and pulled the extension from the marketplace. GitHub says the exfiltration appears limited to its own internal code and that customer data stored outside those repos was not touched. The figure aligns with claims from the TeamPCP group, which is hawking the haul on the Breached forum for a $50,000 minimum and threatening to leak it for free if no buyer surfaces.
TeamPCP has prior form in developer-ecosystem supply chain attacks across GitHub, PyPI, NPM, and Docker, and has been tied to the recent Mini Shai-Hulud campaign that also hit two OpenAI employees. The VS Code marketplace has become a recurring vector: past incidents include extensions with 9 million combined installs pulled for security risks, XMRig-laden fake dev tools, ransomware-capable extensions from the WhiteCobra cluster, and AI-coding-assistant impersonators with 1.5 million installs that beaconed data to servers in China.
The breach is notable less for novelty than for whose endpoint fell: a GitHub employee, on a platform used by 90% of the Fortune 100. It underscores how thin the trust boundary around IDE extensions remains, and how the marketplace model — low review friction, broad runtime privileges — keeps producing supply chain footguns even at companies whose business is securing developer infrastructure.
This is an AI-generated summary of an article on Hacker News; read the original for the full story.