GitHub is investigating a security breach after the cybercrime group TeamPCP claimed to have accessed nearly 4,000 private repositories containing the platform’s internal source code.
The group posted the allegedly stolen data for sale on the Breached hacking forum on Tuesday, demanding a minimum of $50,000 from a buyer and threatening to release everything for free if no offer was forthcoming.
GitHub investigates internal repository breach.
In a statement posted on Twitter, GitHub said it is investigating “unauthorized access” to its internal repository. The company said it has so far seen no evidence that customer data stored outside those internal systems, including enterprise environments and public or private user repositories, has been affected.
GitHub said it is monitoring its infrastructure for any further attacks and will notify any customers if there is a risk involved.
TeamPCP, a hacking group, was identified as responsible for this attack in a post on a cybercrime forum, where it claims to have gained access to approximately 4,000 private repositories. It states that it requires at least $50,000 from a buyer because the data contains source code as well as organizational information.
The hackers offered the data as a one-time sale and said that, if no buyer was found, they would either destroy the data or publish it.
TeamPCP is known for previously attacking developer ecosystems, including platforms like PyPI, npm, and Docker.
In March, TeamPCP was also linked to the hacking of Aqua Security’s Trivy scanner, which resulted in compromised container images and open-source software. The attack is said to have distributed malware to thousands of devices.
Security professionals say hacks involving internal repositories could have significant ramifications if source code or credentials are stolen. GitHub, a platform used by more than four million organizations, including the majority of Fortune 100 companies, is important to software development worldwide.
