So, GitHub got hacked.
And I don’t mean a random user left their password on a sticky note, or a third-party integration leaked a few tokens. I mean GitHub’s own internal code repositories and the crown jewels of the company that basically runs the world’s version control were stolen.
As of May 20, 2026, the investigation is still actively running. But what we already know paints a terrifying picture of modern software security. The entry point wasn’t a sophisticated, nation-state zero-day exploit.
It was a VS Code extension.
The breach started with an almost painfully boring action: a GitHub employee installed a poisoned VS Code extension.
That single installation gave the attacker access to the employee’s workstation. From there, they pivoted directly into GitHub’s internal network, exfiltrating roughly 3,800 internal repositories. The group claiming credit, a cybercrime outfit known as TeamPCP (also tracked as UNC6780), has already listed the dataset on underground forums for upwards of $50,000. If no one buys it, they plan to leak it.
GitHub reacted quickly. They isolated the infected device, ripped out the malicious extension, and spent the night rotating high-impact credentials. They’ve stated that customer repositories and enterprise accounts remain unaffected, but when it comes to the 3,800 internal repos and proprietary platform source code, internal tooling, and organizational files — the damage is done.
But here is the detail most people are missing: the speed of the attack.
The day before GitHub confirmed their breach, the popular Nx Console VS Code extension (which boasts over 2.2 million installs and a verified publisher badge) was briefly backdoored.
The Stolen Token (prior to May 18): An Nx contributor’s GitHub personal access token is scraped during a separate, earlier supply chain incident.
The Orphan Commit (May 18, 03:18 UTC): The attacker uses the stolen token to push a “dangling orphan commit” to the official nrwl/nx repo. It contains a 498 KB obfuscated payload hidden inside an index file.
The Poisoned Publish (May 18, 12:36 UTC): Using stolen VS Code Marketplace credentials, the attacker publishes nrwl.angular-console v18.95.0. It contains just 2,777 bytes of malicious code injected into main.js.
The Takedown (May 18, 12:47 UTC): The Nx team detects the rogue publish and yanks it from the marketplace.
The poisoned extension was live for exactly 11 minutes.
That sounds like a win for the community, right? Wrong. If you are a developer who opened your editor during that 11-minute window, and you had auto-update turned on, your machine downloaded the payload silently.
The payload dropped by these attacks isn’t just a simple script. TeamPCP utilizes a highly sophisticated, automated worm known as Mini Shai-Hulud.
Once it lands on a developer’s machine, it acts as a multi-stage credential stealer. It doesn’t just look for GitHub tokens; it rummages through your local environment for everything it can find. It checks .env files, extracts 1Password vaults, scrapes AWS keys, and even targets AI coding assistant configurations like Anthropic's Claude.
Worse, if it finds CI/CD credentials, the worm uses them to publish infected versions of other packages downstream, perpetuating the supply chain attack. It’s automated, ruthless, and terrifyingly efficient. In earlier attacks, it even carried a disk-wiping module that acted like Russian Roulette, running rm -rf /* to wipe the disk if certain geolocation conditions were met.
If you think this was just a streak of bad luck for GitHub, zoom out. This is the third major GitHub-related security event in six weeks.
Late April (CVE-2026-3854): Wiz researchers uncovered a critical remote code execution (RCE) flaw in GitHub’s internal Git infrastructure. By exploiting an injection flaw via a simple git push command, attackers could execute arbitrary commands on backend servers. GitHub patched it in hours for GitHub.com, but at the time of writing, roughly 88% of GitHub Enterprise Server (GHES) instances are still vulnerable.
May 16 (Grafana Labs): The “CoinbaseCartel” group stole Grafana’s entire private source code, extorting them after slipping in through a compromised GitHub token obtained via a CI/CD pipeline vulnerability.
May 20: GitHub itself is breached via a VS Code extension.
The uncomfortable truth exposed by the May 2026 GitHub hack is that the security perimeter no longer ends at the datacenter door or the cloud firewall. It ends on the developer’s laptop.
If you’re an engineer, your machine is a goldmine. You have production credentials, staging access, and AWS keys. And yet, that exact same machine runs whatever extensions you install from a marketplace where, practically speaking, anyone can publish. High install counts and “verified” badges are no longer guarantees of safety; they are the exact signals attackers target to maximize their blast radius.
GitHub is one of the best-resourced engineering companies on the planet. Their incident response was stellar: they identified the breach, isolated the endpoint, rotated keys, and went public in a matter of hours. But it still happened to them.
Whether you are a solo dev or managing an enterprise team, you need to lock down your local environment immediately.
1. Disable VS Code Auto-Update:
This is the most critical fix. Auto-update guarantees that a poisoned payload gets installed the second you open your editor. Turn it off. Give the community time to spot malicious updates before you pull them down.
2. Audit Your Extensions:
Go to your extensions list. If you installed a random formatter three years ago for a weekend project, delete it. If an extension has 100 installs and was created two weeks ago, delete it. Keep your editor lean.
3. Rotate Your GitHub Tokens:
It takes five minutes. If any of those 3,800 stolen internal repos contained tokens that could interact with the broader GitHub API, you want your credentials to be fresh and disconnected from any historical leaks.
4. Patch Enterprise Server (Admins Only): Critical fix for CVE-2026-3854.
If you are running GHES, upgrade to version 3.19.3 immediately. Eight out of ten instances are still vulnerable to a single malicious git push.
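As an added example (not GitHub’s, Nx’s, or this post’s own tooling), the following Python script checks a VS Code profile for two of the steps above: whether the backdoored nrwl.angular-console 18.95.0 from the timeline is installed, and whether the auto-update settings are still at a value that lets a poisoned release land silently. It assumes the usual profile layout (one folder per extension containing a package.json, plus a settings.json); the sample profile it builds is constructed.

```python
"""Added example (not GitHub's or Nx's own tooling): audit a VS Code profile
for the hardening steps above. The sample profile built below is constructed."""
import json
import tempfile
from pathlib import Path

# Extension version the post names as backdoored: publisher.name -> versions
KNOWN_BAD = {"nrwl.angular-console": {"18.95.0"}}
# Settings that let an update land silently, with the hardened value for each
# (a missing key means VS Code's default, which is "on", so it is also flagged)
HARDENED = {"extensions.autoUpdate": False, "extensions.autoCheckUpdates": False}

def installed_extensions(ext_dir):
    """Return (publisher.name, version) for each extension's package.json."""
    found = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        meta = json.loads(manifest.read_text(encoding="utf-8"))
        ext_id = f"{meta.get('publisher', '')}.{meta.get('name', '')}".lower()
        found.append((ext_id, meta.get("version", "")))
    return found

def audit(ext_dir, settings_path):
    """Flag known-bad extension versions and non-hardened update settings."""
    settings = json.loads(Path(settings_path).read_text(encoding="utf-8"))
    exts = installed_extensions(ext_dir)
    return {
        "known_bad": [(i, v) for i, v in exts if v in KNOWN_BAD.get(i, ())],
        "weak_settings": {k: settings.get(k) for k, want in HARDENED.items()
                          if settings.get(k) != want},
    }

def build_sample_profile(root):
    """Constructed fixture: two extensions and a settings.json with auto-update on."""
    root = Path(root)
    for ext_id, version in (("nrwl.angular-console", "18.95.0"),
                            ("example.formatter", "1.2.3")):  # second one is made up
        publisher, name = ext_id.split(".", 1)
        d = root / "extensions" / f"{ext_id}-{version}"
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(
            {"publisher": publisher, "name": name, "version": version}))
    (root / "settings.json").write_text(json.dumps({"extensions.autoUpdate": True}))
    return root / "extensions", root / "settings.json"

def run_demo():
    """Build the constructed profile in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir, settings_path = build_sample_profile(tmp)
        return audit(ext_dir, settings_path)

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On a real machine, point audit() at ~/.vscode/extensions and your user settings.json instead of the constructed profile.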
The era of blindly trusting developer tooling is over. When the tools we use to build software become the weapons used to dismantle it, the only defense is zero trust, starting with your own code editor.