GitHub says hackers stole data from thousands of internal repositories

6:25 AM PDT · May 20, 2026

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories.

The code hosting and sharing giant said in a series of posts on X that it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” but noted its investigation was ongoing. GitHub said it “detected and contained a compromise of an employee device involving a poisoned VS Code extension,” referring to a plugin for Visual Studio Code, a popular code editor that developers use for programming.

Hackers are increasingly targeting popular open-source projects, including coding extensions, with the aim of compromising developers’ computers and their projects. Targeting popular projects allows hackers to gain access to vast numbers of computers at the same time, magnifying the impact of their attacks.

GitHub did not name the compromised...

Copyright of this story solely belongs to techcrunch.com. To see the full text click HERE