Overview
GitHub is investigating a data breach in which the TeamPCP threat actor gained access to over 3,800 internal repositories by first compromising employee developer devices through the ongoing TanStack npm supply chain attack. The breach is the latest in a wave of high-profile developer infrastructure compromises orchestrated by TeamPCP throughout 2026.
The attack vector — compromising employee workstations through poisoned npm packages rather than attacking GitHub's infrastructure directly — underscores a critical shift in supply chain attack methodology: target the developers, not the platform.
How the Breach Happened
The attack chain that led to GitHub's internal repository exposure followed the same pattern as TeamPCP's broader 2026 campaign:
Stage 1 — TanStack npm Compromise
TeamPCP compromised the TanStack npm package ecosystem, injecting an infostealer payload into widely used packages installed by millions of JavaScript developers globally.
Stage 2 — Employee Device Infection
GitHub engineers who installed or updated affected TanStack packages had the infostealer execute on their workstations. The payload targeted:
- GitHub personal access tokens (PATs)
- Environment variables containing API keys and secrets
- Stored credentials in browsers and git credential managers
- SSH keys and deployment keys
Stage 3 — Token Exfiltration
Harvested GitHub tokens were silently transmitted to TeamPCP's command-and-control infrastructure.
Stage 4 — Repository Cloning
Using stolen tokens, TeamPCP authenticated to GitHub's API and bulk-cloned internal repositories accessible to the compromised developer accounts — over 3,800 in total.
Stage 5 — Data Listed for Sale
The exfiltrated repository data was advertised on a cybercrime forum, prompting GitHub's investigation.
Scope of the Breach
GitHub's investigation identified the following scope:
| Component | Status |
|---|---|
| Internal source code repositories | Accessed — ~3,800+ claimed by TeamPCP |
| Customer data | No evidence of impact |
| Customer-facing infrastructure | Not compromised |
| GitHub Actions secrets | Under review |
| GitHub.com platform availability | Unaffected |
GitHub stated that while internal repositories were accessed, no customer data or production infrastructure was compromised. The breach was limited to internal tooling, automation scripts, and source code that GitHub employees developed and maintained privately.
The TanStack npm Attack Vector
The TanStack attack was one of the most consequential npm supply chain compromises of 2026. TanStack packages — including TanStack Query, TanStack Router, and TanStack Form — have millions of weekly downloads and are integral to modern React and JavaScript development stacks.
The attack involved:
- Compromising TanStack package maintainer accounts via social engineering or credential theft
- Publishing malicious versions of core TanStack packages with an embedded infostealer
- Infostealer execution on any developer machine that installed or updated the affected packages
- Credential harvesting targeting GitHub tokens, AWS credentials, and other secrets
The same TanStack vector simultaneously compromised OpenAI employee devices (forcing a macOS security update) and served as the initial access point for Grafana Labs' source code breach, confirmed the same day.
Why Internal GitHub Code Matters
Even with no customer data accessed, internal GitHub source code carries significant value to an attacker:
- Security control logic: How GitHub detects abuse, scans repos for secrets, flags malicious Actions workflows
- Internal APIs and service integrations: Undocumented endpoints and microservices
- Vulnerability handling processes: How GitHub triages, patches, and discloses its own security issues
- Build and deployment automation: CI/CD pipelines, internal tooling, and release scripts
- Configuration and infrastructure as code: Server configurations, network layouts, internal service maps
This material could be used to identify undisclosed vulnerabilities in GitHub's platform, develop evasion techniques for GitHub's security scanning, or inform highly targeted follow-on attacks.
TeamPCP's 2026 Developer Infrastructure Campaign
GitHub represents one of the highest-profile victims in TeamPCP's escalating campaign against developer infrastructure:
| Target | Month | Method |
|---|---|---|
| Trivy Security Scanner | March 2026 | GitHub Actions tag hijack, CI/CD infostealer |
| European Commission | April 2026 | Supply chain pivot, 30 EU entities affected |
| Checkmarx | April 2026 | GitHub repo data posted on dark web |
| SAP npm packages | April 2026 | Mini Shai-Hulud worm, maintainer account compromise |
| Bitwarden CLI | April 2026 | Checkmarx supply chain spillover |
| Grafana Labs | May 2026 | TanStack attack token — private source code accessed |
| GitHub | May 2026 | TanStack employee device compromise — 3,800+ repos |
Protective Actions
GitHub recommends all users and organizations take the following immediate steps:
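The audit-log query in this checklist returns raw events; the Stage 4 behaviour worth hunting for in them is one account touching many distinct repositories in a short span. The following Python detector is an added example (not from the article or from GitHub) that post-processes events shaped like the fields the article's jq filter selects; the action names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)   # assumed: time window for "bulk" activity
THRESHOLD = 20                   # assumed: distinct repos per window worth flagging
CLONE_ACTIONS = {"git.clone", "git.fetch"}  # assumed action names for an export


def parse_time(value):
    """Accept an ISO-8601 string or epoch milliseconds, both seen in exports."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value / 1000, tz=timezone.utc)
    return datetime.fromisoformat(str(value).replace("Z", "+00:00"))


def bulk_clone_actors(events, window=WINDOW, threshold=THRESHOLD):
    """Return {actor: peak distinct repos inside one window} for actors at or over threshold."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev.get("action") in CLONE_ACTIONS:
            by_actor[ev["actor"]].append((parse_time(ev["created_at"]), ev["repo"]))
    flagged = {}
    for actor, items in by_actor.items():
        items.sort()
        peak, start = 0, 0
        for end in range(len(items)):
            # Advance the window start until it spans at most `window` of time.
            while items[end][0] - items[start][0] > window:
                start += 1
            peak = max(peak, len({repo for _, repo in items[start:end + 1]}))
        if peak >= threshold:
            flagged[actor] = peak
    return flagged


def constructed_events():
    """Constructed sample: one account sweeps 25 repos in 5 minutes, one works normally."""
    t0 = datetime(2026, 5, 12, 9, 0, tzinfo=timezone.utc)
    events = [{"actor": "stolen-token-user", "action": "git.clone", "repo": f"acme/internal-{i}",
               "created_at": (t0 + timedelta(seconds=12 * i)).isoformat()} for i in range(25)]
    events += [{"actor": "normal-dev", "action": "git.clone", "repo": f"acme/service-{i}",
                "created_at": int((t0 + timedelta(hours=3 * i)).timestamp() * 1000)} for i in range(3)]
    return events


if __name__ == "__main__":
    print(bulk_clone_actors(constructed_events()))  # {'stolen-token-user': 25}
```

Feed it the parsed output of the `gh api ... audit-log` call instead of `constructed_events()` to run it against real data; the window and threshold should be tuned to your organization's normal clone volume.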
```bash
# Audit and rotate personal access tokens
# GitHub.com > Settings > Developer settings > Personal access tokens
# Revoke any token not actively used or created by an unfamiliar application

# Review OAuth Apps authorized on your account
# Settings > Applications > Authorized OAuth Apps

# Check the organization audit log for anomalous repository access (replace {org})
gh api "/orgs/{org}/audit-log?phrase=action:repo&limit=100" | \
  jq '.[] | {actor, action, repo, created_at}'

# List fine-grained PATs that have been granted access to your organization's resources
gh api "/orgs/{org}/personal-access-tokens"

# Rotate any GitHub Actions secrets that may have been accessible
gh secret list --repo {owner}/{repo}

# Check for unexpected GitHub Actions workflow modifications
gh api "/repos/{owner}/{repo}/actions/workflows" | \
  jq '.workflows[] | {name, path, state}'
```

Dependency Hygiene After TanStack
Organizations with TanStack packages in their dependency tree should audit for exposure:
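The shell checks in this section grep for the package name; a transitive copy of a TanStack package nested under another dependency is easy to miss that way. As an added example (not from the article or the TanStack project), this Python helper enumerates every `@tanstack/` entry in an npm lockfile at any depth, for both the flat `packages` map of lockfile v2/v3 and the nested `dependencies` tree of v1, and compares the versions against an advisory list you supply. The lockfile and the `AFFECTED` versions are constructed placeholders, not real advisory data.

```python
import json

# PLACEHOLDER: fill from the advisory; the article does not list affected versions.
AFFECTED = {"@tanstack/query-core": {"4.9.9"}}

# Constructed npm lockfile (lockfileVersion 3 layout): one direct @tanstack dependency
# and a second, older copy nested under another package. Versions are made up.
CONSTRUCTED_LOCK = json.loads("""{
  "name": "example-app", "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"@tanstack/react-query": "^5.0.0", "some-ui-kit": "^2.1.0"}},
    "node_modules/@tanstack/react-query": {"version": "5.0.0"},
    "node_modules/@tanstack/query-core": {"version": "5.0.0"},
    "node_modules/some-ui-kit": {"version": "2.1.0"},
    "node_modules/some-ui-kit/node_modules/@tanstack/query-core": {"version": "4.9.9"}
  }
}""")


def tanstack_entries(lock):
    """Yield (name, version, lockfile path) for every @tanstack entry at any depth."""
    if "packages" in lock:                      # lockfileVersion 2 or 3: flat map keyed by path
        for path, meta in lock["packages"].items():
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if path and name.startswith("@tanstack/"):
                yield name, meta.get("version"), path
    else:                                        # lockfileVersion 1: nested "dependencies" trees
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                if name.startswith("@tanstack/"):
                    yield name, meta.get("version"), path
                yield from walk(meta.get("dependencies", {}), path + "/")
        yield from walk(lock.get("dependencies", {}), "")


def exposure_report(lock, affected=AFFECTED):
    """Split installed @tanstack entries into all found and those matching the advisory list."""
    installed = list(tanstack_entries(lock))
    hits = [e for e in installed if e[1] in affected.get(e[0], set())]
    return {"installed": installed, "affected": hits}


if __name__ == "__main__":
    report = exposure_report(CONSTRUCTED_LOCK)
    for name, version, path in report["installed"]:
        print(f"{name}@{version}  ({path})")
    print("affected:", report["affected"])  # the nested 4.9.9 copy, which a top-level listing misses
```

Pass `json.load(open("package-lock.json"))` in place of `CONSTRUCTED_LOCK` to check a real project.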
```bash
# Check whether TanStack packages are anywhere in your dependency tree
# (--all includes transitive dependencies, which the default listing omits)
npm ls --all | grep -i "@tanstack/"
yarn list --pattern "@tanstack/*"

# Review package-lock.json or yarn.lock for the installed TanStack versions
grep -A2 "@tanstack/" package-lock.json

# Scan your project for hardcoded or exposed tokens
git secrets --scan
trufflehog filesystem .

# Rotate any GitHub tokens that were present in the development environment
# during the period the compromised packages were installed
```

Bottom Line
The GitHub breach demonstrates that even the most hardened platforms can be breached through their users. TeamPCP did not need to find a zero-day in GitHub's infrastructure — they needed only to poison a popular npm package that GitHub developers use every day.
This attack pattern — compromise developer toolchain → harvest tokens → access internal systems — has proven devastatingly effective across 2026's supply chain campaign. The lesson for every engineering organization is clear: developer workstations are now part of your security perimeter.
Sources
- The Hacker News — GitHub Investigating TeamPCP Claimed Breach of 4,000+ Internal Repositories
- GitHub Security Statement