Technology & Science
TeamPCP Heist: Malicious VS Code Extension Breaches 3,800 GitHub Internal Repositories
On 20 May 2026 GitHub revealed that a single poisoned Visual Studio Code plugin on an employee laptop let the TeamPCP supply-chain gang siphon off roughly 3,800 of its private repositories, which the hackers are now offering for at least US $50,000 on underground forums.
Focusing Facts
- TeamPCP’s BreachForums listing advertises “~4,000” GitHub repos for sale with a minimum price tag of $50k and promises a free leak if no buyer emerges.
- GitHub says it rotated high-impact secrets within hours and has found no evidence of customer-hosted repos or enterprises being touched.
- Investigators traced the entry point to the nrwl.angular-console VS Code extension, installed over 2.2 million times before the compromise was pulled.
See how 3 sources reported this story.
- ✓ Full multi-perspective analysis on every story
- ✓ Primary source links for every claim
- ✓ Daily email briefing — no algorithm
Perspectives in this article
- Cybersecurity trade press
- General tech news sites
- Crypto & finance-focused media