Overview
GitHub has officially confirmed that it was breached by the TeamPCP threat actor, following the group's advertisement of alleged GitHub internal source code and repository data on a cybercrime forum. The company stated that while an internal breach occurred, no customer data was impacted by the intrusion.
The confirmation marks one of the highest-profile targets yet in TeamPCP's 2026 supply chain campaign — a campaign that has already compromised the Trivy security scanner, Checkmarx, SAP npm packages, Bitwarden CLI, the Grafana codebase, and dozens of other developer tools and infrastructure providers.
What GitHub Confirmed
In its public statement, GitHub acknowledged:
- Internal repositories were accessed without authorization
- The TeamPCP group was identified as responsible for the intrusion
- No customer data was impacted or accessed
- No customer-facing infrastructure was compromised
- The GitHub Security team conducted a thorough internal investigation
- Access tokens and secrets involved in the breach have been rotated
GitHub thanked security researchers and The Record media for coverage that prompted rapid public disclosure.
The Breach Vector: TanStack npm Supply Chain Attack
The breach vector was consistent with TeamPCP's ongoing Mini Shai-Hulud npm worm campaign. The attack chain:
1. Malicious code hidden inside compromised TanStack npm packages executes on GitHub employee development machines
2. Infostealer payload harvests GitHub personal access tokens (PATs) stored in environment variables, config files, or credential managers
3. Stolen tokens grant TeamPCP access to GitHub internal repositories at the scope of the compromised developer accounts
4. TeamPCP clones ~4,000 internal repositories before tokens are rotated
5. Stolen repository data is listed on cybercrime forums

The same vector was used the same day to breach Grafana Labs, where a stolen GitHub environment token obtained via the TanStack npm attack provided access to Grafana's private source code.
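The defender's counterpart to steps 3 and 4, as an added example that is not code from GitHub or from this article's sources: triage organization audit-log events (the same data the `gh api /orgs/{org}/audit-log` query in the protective actions returns) for one actor cloning an unusual number of distinct repositories inside a short window, and for token or OAuth grants that should each map to a known request. Action names follow GitHub's audit-log vocabulary; the sample events, actor names and thresholds are constructed assumptions.

```python
"""Triage GitHub org audit-log events for a stolen token being used to mass-clone.
Added example for this article, not GitHub tooling. Input: the event objects from
`gh api "/orgs/{org}/audit-log?include=git" --paginate` (git.clone needs include=git).
Thresholds and sample data are constructed assumptions; tune to normal clone volume."""
from collections import defaultdict

CLONE_THRESHOLD = 20   # assumed: distinct repos one actor may clone ...
WINDOW_SECONDS = 600   # ... within this window before it counts as a burst
# Actions that mint or grant credentials; each hit must match a known request.
CREDENTIAL_ACTIONS = ("personal_access_token.", "oauth_authorization.",
                      "oauth_application.", "integration_installation.")

def clone_bursts(events, threshold=CLONE_THRESHOLD, window=WINDOW_SECONDS):
    """Return {actor: peak distinct repos cloned inside one window} for actors
    reaching the threshold; a ~4,000-repo pull trips this on the first twenty."""
    clones = defaultdict(list)  # actor -> [(seconds, repo)]
    for e in events:
        if e.get("action") == "git.clone":
            clones[e["actor"]].append((e["@timestamp"] / 1000, e["repo"]))  # ms epoch
    flagged = {}
    for actor, items in clones.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # drop clones that fell out of the window
            distinct = {repo for _, repo in items[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[actor] = max(flagged.get(actor, 0), len(distinct))
    return flagged

def credential_events(events):
    """Return token, OAuth and app-installation events for manual review."""
    return [e for e in events if e.get("action", "").startswith(CREDENTIAL_ACTIONS)]

# Constructed sample: dev-alice's token clones 25 repos at machine speed right after
# an OAuth grant nobody requested; dev-bob clones a single repo.
_T0 = 1777626000000  # constructed epoch milliseconds
SAMPLE_EVENTS = [
    {"@timestamp": _T0 + 100, "action": "oauth_authorization.create",
     "actor": "dev-alice", "org": "example-org"},
    {"@timestamp": _T0, "action": "git.clone", "actor": "dev-bob",
     "repo": "example-org/docs"},
] + [
    {"@timestamp": _T0 + i * 2000, "action": "git.clone", "actor": "dev-alice",
     "repo": f"example-org/internal-{i:04d}"}
    for i in range(25)
]
```

On the sample, `clone_bursts` flags only dev-alice and `credential_events` surfaces the single OAuth grant for review.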
TeamPCP's 2026 Developer Infrastructure Campaign
TeamPCP has established itself as the dominant threat actor targeting developer infrastructure in 2026. Their confirmed and claimed victims include:
| Target | Date | Impact |
|---|---|---|
| Trivy Security Scanner | March 2026 | 75 GitHub tags hijacked, infostealer pushed via CI/CD |
| European Commission | April 2026 | Breach affecting 30 EU entities |
| Checkmarx | April 2026 | GitHub repository data sold on dark web |
| SAP npm packages | April 2026 | Credential theft via Mini Shai-Hulud worm |
| Bitwarden CLI | April 2026 | Compromised in Checkmarx supply chain wave |
| Checkmarx Jenkins AST plugin | May 2026 | Supply chain compromise |
| Grafana Labs | May 2026 | Private source code accessed via GitHub token |
| GitHub | May 2026 | ~4,000 internal repositories confirmed stolen |
Why This Matters Even Without Customer Data Impact
GitHub is foundational infrastructure for the global software supply chain. Internal GitHub source code and tooling contain information about:
- Security control logic — how GitHub detects abuse, scans for secrets, and enforces policies
- Internal APIs — endpoints and service integrations not exposed publicly
- CI/CD automation — how GitHub's own systems build and deploy code
- Vulnerability handling processes — how GitHub triages and patches its own security issues
Even without direct customer data exposure, knowledge of this material could be used to:
- Identify undisclosed vulnerabilities in GitHub's platform
- Develop evasion techniques for GitHub Actions security scanning
- Craft more convincing phishing targeting GitHub users and organizations
- Plan follow-on attacks against GitHub's supply chain customers
Protective Actions for GitHub Users and Organizations
GitHub has recommended that customers take the following precautions:

```bash
# Review and rotate GitHub personal access tokens
# Settings > Developer settings > Personal access tokens
# Revoke tokens not recently used or from unrecognized applications

# Audit GitHub Apps installed on your organization
# Settings > Installed GitHub Apps > Review and remove unauthorized apps

# Check organization audit log for anomalous events
gh api /orgs/{org}/audit-log --paginate | jq '.[] | select(.action | test("repo|member|oauth"))'

# List all webhooks across repositories
gh api /repos/{owner}/{repo}/hooks

# Review GitHub Actions secrets for unexpected entries
gh secret list --repo {owner}/{repo}

# Review branch protection and confirm signed commits are required
gh api /repos/{owner}/{repo}/branches/{branch}/protection
gh api /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures
```

Context: The 2026 npm Supply Chain Wave
The GitHub confirmation arrives at the peak of an unprecedented npm supply chain attack campaign:
- March 2026: Trivy GitHub Actions breach; 75 release tags backdoored
- April 2026: Mini Shai-Hulud worm released; spreads through npm ecosystem via compromised maintainer accounts
- May 2026: Shai-Hulud source code publicly released, spawning clone campaigns; TanStack compromise infects OpenAI employee devices; Grafana breached; GitHub breached
The campaign demonstrates that npm package maintainer accounts are now primary attack targets — compromising a single high-value maintainer can cascade to hundreds of downstream projects and, as seen here, breach some of the most critical companies in the software industry.
Bottom Line
GitHub's confirmation puts the seal on what has been the most consequential day of the 2026 supply chain campaign. Alongside the Grafana breach confirmed on the same date, TeamPCP demonstrated that even the largest and most security-mature development platforms are not immune to credential theft through compromised dependencies.
Organizations dependent on GitHub — which is to say, virtually every software company — should treat token rotation, dependency auditing, and GitHub Actions security review as immediate priorities.
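Token rotation starts with knowing where tokens sit. As an added example (not GitHub's code or the article's), the scanner below finds GitHub-shaped tokens in environment variables and in the developer config files an npm-borne infostealer would read, reporting them redacted so the output is not itself a new leak. The token prefixes and lengths follow GitHub's published formats; the file list and the sample inputs are assumptions.

```python
"""Locate GitHub tokens exposed on a developer machine so they can be rotated.
Added example for this article, not GitHub's code. Token prefixes and lengths follow
GitHub's published formats; the file list is an assumption about where developer
tooling commonly stores credentials."""
import os
import re
from pathlib import Path

# ghp_ classic PAT, gho_ OAuth, ghu_/ghs_ GitHub App user/server tokens,
# ghr_ refresh token (longer body); github_pat_ fine-grained PAT.
TOKEN_RE = re.compile(
    r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}\b"
    r"|\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"
)
# Assumed locations an npm-borne infostealer would read.
DEFAULT_FILES = ["~/.npmrc", "~/.gitconfig", "~/.git-credentials", "~/.netrc",
                 "~/.config/gh/hosts.yml", ".env"]

def redact(token: str) -> str:
    """Keep the prefix and last four characters so findings are safe to log."""
    return token[: token.index("_") + 1] + "..." + token[-4:]

def scan_text(text: str, source: str) -> list[tuple[str, str]]:
    """Return (source, redacted token) for each token-shaped string in text."""
    return [(source, redact(m.group(0))) for m in TOKEN_RE.finditer(text)]

def scan_environment(env: dict) -> list[tuple[str, str]]:
    """Tokens in environment variables, the first place a stealer looks."""
    findings = []
    for name, value in env.items():
        findings += scan_text(value, f"env:{name}")
    return findings

def scan_files(paths) -> list[tuple[str, str]]:
    """Tokens in config files; missing or unreadable files are skipped."""
    findings = []
    for p in paths:
        path = Path(p).expanduser()
        try:
            findings += scan_text(path.read_text(errors="replace"), str(path))
        except OSError:
            continue
    return findings

if __name__ == "__main__":
    for source, token in scan_environment(dict(os.environ)) + scan_files(DEFAULT_FILES):
        print(f"ROTATE {token} found in {source}")
```

Every line printed names a token that should be revoked and reissued, and a location that should stop holding it in plaintext.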
Sources
- The Record — GitHub confirms being hacked by TeamPCP, says customer data unaffected
- GitHub Security Blog