GoKawiilGitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code.
GitHub's cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million code repositories.
The company has yet to share more information about the investigation, but said it currently has no evidence that customer data stored outside its internal repositories has been affected.
"We are investigating unauthorized access to GitHub's internal repositories," GitHub told BleepingComputer when asked for further details.
"While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity."
GitHub also said that all affected customers will be alerted through established notification and incident response channels if any evidence of impact is discovered.
TeamPCP claimed access to "Github's source code and internal orgs" on the Breached hacking forum on Tuesday, asking for at least $50,000.
"No low ball offers will be accepted, everything for the main platform is there and I very am happy to send samples to interested buyers to verify the absolute authenticity. There is a total of around ~4,000 repos of private code here," they said.
"As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free. If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it."
TeamPCP GitHub breach claims (Matthew Maynard)
... continue reading