A cybercriminal group known as TeamPCP claims to have breached GitHub’s internal systems and accessed sensitive organizational data and source code. The group is reportedly trying to sell this data on illicit cybercrime forums, seeking bids starting at $50,000.
Details of the Alleged Breach
The attackers allege that their breach affects around 4,000 private repositories linked to GitHub’s core platform. To support their claims, TeamPCP has shared a list of files and screenshots showcasing repository names. To entice potential buyers, they have offered data samples as proof of authenticity.
GitHub has responded to these claims by confirming that an investigation is underway. A statement issued via X (formerly Twitter) assures users that customer data appears unaffected. GitHub emphasized that its investigation so far does not indicate any compromise of customer information stored outside of its internal systems.
Profile of TeamPCP
TeamPCP, also known as UNC6780, is recognized by Google’s Threat Intelligence Group as a sophisticated, financially driven cyber threat actor. The group is infamous for conducting complex cross-ecosystem supply chain attacks. Earlier this year, they successfully targeted several major security and development tools.
Among their notable exploits, TeamPCP leveraged the CVE-2026-33634 vulnerability in the Trivy Vulnerability Scanner, affecting over 1,000 organizations, including Cisco. They also targeted Checkmarx and LiteLLM in a campaign focused on credential theft within CI/CD environments. Moreover, they have previously leaked their own Shai-Hulud malware source code on GitHub.
Ongoing Investigation and Future Implications
GitHub’s investigation into the alleged breach is still in progress, and the company has confirmed neither the means by which access was obtained nor the validity of the claim regarding 4,000 repositories. The company is actively monitoring its infrastructure for any suspicious activity.
If customer impact is verified, GitHub plans to notify affected users through established communication channels. Further updates are expected as the investigation continues, and they may reveal more about the breach’s scope and its implications for GitHub’s security posture.
