{"id":648766,"date":"2026-05-20T09:05:51","date_gmt":"2026-05-20T07:05:51","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=648766"},"modified":"2026-05-20T09:23:59","modified_gmt":"2026-05-20T07:23:59","slug":"github-hacked-source-code-up-for-sale","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/648766-github-hacked-source-code-up-for-sale.html","title":{"rendered":"Github hacked, bidding war for source code at R1.6 million"},"content":{"rendered":"\n

Code sharing platform GitHub, which has over 150 million registered developers worldwide, announced on Wednesday that an unauthorised actor had gained access to its internal systems.<\/p>\n\n\n\n

A threat actor known as TeamPCP claimed responsibility for the incident and listed GitHub’s source code for sale, along with around 4,000 code repositories, at a starting price of $50,000 (R835,635).<\/p>\n\n\n\n

The group later updated the forum post in which it announced the breach, stating that it had received an offer of $95,000 (R1.6 million).<\/p>\n\n\n\n

In a series of posts on Twitter\/X, GitHub said<\/a> that TeamPCP’s claims were “directionally consistent with our investigations so far.”<\/p>\n\n\n\n

The Microsoft-owned platform said it currently had no evidence of any impact on customer information stored outside its internal repositories, such as customers’ private groups and repositories.<\/p>\n\n\n\n

“If any impact is discovered, we will notify customers via established incident response and notification channels,” it said.<\/p>\n\n\n\n

TeamPCP posted on a popular hacker forum that it was selling GitHub source code and “internal orgs”. It said no low-ball offers would be accepted.<\/p>\n\n\n\n

“Everything for the main platform is there, and I am very happy to send samples to interested buyers to verify the absolute authenticity,” the group stated.<\/p>\n\n\n\n

“There is a total of around ~4,000 repos of private code here,” TeamPCP said. This was the claim GitHub said was “directionally consistent” with its investigation, although it said the number was closer to 3,800.<\/p>\n\n\n\n

TeamPCP added that it was not extorting GitHub, but rather looking for a single buyer before “shredding” the data on their end.<\/p>\n\n\n\n

“It looks like our retirement is soon, so if no buyer is found we will leak it free,” it said in a post on a popular hacker forum.<\/p>\n\n\n\n

According to GitHub, the hack of its internal systems originated in the compromise of an employee’s device involving a poisoned Visual Studio Code (VS Code) extension.<\/p>\n\n\n\n

VS Code is a popular programming tool created by Microsoft. A lightweight development environment, VS Code is a text editor which can be customised with extensions for various programming tasks.<\/p>\n\n\n\n

GitHub did not specify which VS Code add-on was used. “We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub stated<\/a>.<\/p>\n\n\n\n

GitHub’s response teams moved quickly to reduce risks and began changing its passwords and other critical access information, with the highest-impact credentials changed first.<\/p>\n\n\n\n

“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” it said.<\/p>\n\n\n\n

The company said that its teams were still analysing logs, validating credential rotation and monitoring for any follow-on activity. It said it would publish a fuller report once the investigation was complete.<\/p>\n\n\n\n

AI also made hackers better and faster<\/h2>\n\n\n\n
\"\"
Researchers from cybersecurity firm Calif present their MacOS exploit to Apple in person.<\/figcaption><\/figure>\n\n\n\n

There are growing concerns globally among companies about the proliferation and expanded capabilities of generative AI software, which are strengthening threat actor groups.<\/p>\n\n\n\n

Bijan Sanii, CEO of Canadian fraud detection provider Inetco, which provides services to Standard Bank and African Bank, told MyBroadband that AI was accelerating hacking attempts. <\/p>\n\n\n\n

“AI-assisted tools can help attackers discover and exploit vulnerabilities much faster,” he said. Discovery, testing and potential weaponisation of software weaknesses is becoming easier with these tools.<\/p>\n\n\n\n

Ian van Rensburg, security engineering head for Africa at cybersecurity firm Check Point Software, said that hackers and security professionals were now engaged in an AI arms race.<\/p>\n\n\n\n

“Hackers are using AI, and their attacks are now at the speed of a machine and not a human. These things get exploited very quickly,” he said.<\/p>\n\n\n\n

At the same time, cybersecurity experts are using AI to find vulnerabilities before threat actors can and patch these holes before they can be exploited. <\/p>\n\n\n\n

Last week, a team of researchers from California used Anthropic’s Mythos to create a rare, working compromise of MacOS<\/a> that defeats Apple’s strongest on-device protection.<\/p>\n\n\n\n

“Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalises to nearly any problem in that class,” researchers from cybersecurity firm Calif said in a blog post.<\/p>\n\n\n\n

They said that with the right strategy and AI, even a tiny company can become so mighty that the world’s largest companies ask for their help.<\/p>\n","protected":false},"excerpt":{"rendered":"

GitHub said that it was hacked through a compromised employee device, with the hacker now selling private code on the dark web for hundreds of thousands. <\/p>\n","protected":false},"author":341213,"featured_media":648794,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[27887,84095,605,105078,105267,104783,15227,27196,11253,104784,105076,36626,123,104674,58966,105356],"class_list":["post-648766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-ai","tag-anthropic","tag-apple","tag-bijan-sanii","tag-calif","tag-check-point-software","tag-cybersecurity","tag-dark-web","tag-github","tag-ian-van-rensburg","tag-inetco","tag-macos","tag-microsoft","tag-mythos","tag-source-code","tag-teampcp"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/648766"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=648766"}],"version-history":[{"count":5,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/648766\/revisions"}],"predecessor-version":[{"id":648815,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/648766\/revisions\/648815"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/648794"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=648766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=648766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=648766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}