GitHub Breach Aftermath: Data Sold to LAPSUS$ for $95,000
After TeamPCP posted a $50,000 offer for 4,000 private GitHub repositories, the data was transferred to LAPSUS$, the price doubled to $95,000, and the breach highlighted a supply‑chain attack chain that now threatens infrastructure credentials and prompts urgent self‑audit steps.
Price jump and timeline
On 2026‑05‑19 TeamPCP posted on BreachForums offering roughly 4,000 private GitHub repositories for $50,000, stating the offer was not a ransom and that the data would be released for free if no buyer appeared. GitHub confirmed on 2026‑05‑20 that about 3,800 internal repositories had been stolen and identified a malicious VS Code extension as the initial access vector.
On 2026‑05‑21 TeamPCP removed the original post, transferred the data to the dark‑web group LAPSUS$, and raised the asking price to $95,000. Dark‑web researcher Matthew Maynard (DataBreachToday/ISMG) verified the change. Independent researcher Kevin Beaumont (Mastodon) confirmed that LAPSUS$ published a full file‑tree list and sample data on LimeWire, describing the file tree as “real and very long.”
2026‑05‑19 – TeamPCP advertises data for $50,000.
2026‑05‑20 – GitHub confirms ~3,800 repositories stolen via malicious VS Code extension.
2026‑05‑20 – TeamPCP withdraws post, moves data to LAPSUS$, price rises to $95,000.
2026‑05‑21 – LAPSUS$ releases file‑tree and samples on LimeWire; TeamPCP taunts GitHub on X.
LAPSUS$ role and business model
LAPSUS$, first seen in 2022, targets high‑profile victims (e.g., Samsung, Ubisoft, Microsoft) with a “steal‑and‑sell” model: they exfiltrate data, publish samples, set auction prices, and do not demand ransom or encrypt the data. Their infrastructure includes a dark‑web leak site and established buyer networks, which complements TeamPCP’s expertise in acquiring data through supply‑chain attacks.
Previous supply‑chain precedent
In late April 2026 TeamPCP performed a Trivy supply‑chain attack, obtained credentials, and infiltrated Checkmarx’s GitHub repository, exfiltrating 96 GB of data. SecurityBoulevard’s analysis, cited by DataBreachToday, stated that the Trivy attack “provided credentials that made the GitHub intrusion possible; LAPSUS$ later obtained and published the stolen data,” illustrating how a single upstream supply‑chain vulnerability can cascade into multiple downstream compromises.
Aikido Security’s Mackenzie Jackson added that TeamPCP’s 2026 activity spanned “Trivy, Checkmarx, Bitwarden CLI, TanStack, now GitHub—entire developer toolchain. A single malicious VS Code extension on an employee’s machine is enough.”
Attacker taunt
TeamPCP’s X account (@xploitrsturtle2) posted a public mockery of GitHub’s security team after the official statement, accusing GitHub of delaying disclosure and refusing to be honest.
Data distribution on the dark web
LAPSUS$’s release on LimeWire includes:
File‑tree leak – the complete directory structure of the stolen repositories, indicating that distribution has begun regardless of payment.
Sample data – partial repository contents, including internal keys, API configurations, and infrastructure URLs. GitHub’s statement notes no evidence of customer‑data impact, but does not clarify whether such infrastructure‑level information was part of the breach.
Buyer profile – the $95,000 price suggests buyers are likely nation‑state intelligence services, large cyber‑crime syndicates, or commercial threat‑intel firms capable of leveraging the exposed code, keys, and architecture diagrams.
Implications and recommended self‑assessment
The data has already been copied and is being disseminated. GitHub’s wording that “customer data has not suffered secondary impact” distinguishes internal repository theft from user‑code theft, yet the presence of cloud credentials, CI/CD keys, and service URLs in the leaked repositories remains unconfirmed.
Enterprises, especially GitHub Enterprise customers, should perform a self‑assessment:
Search all committed code (including historic commits) for residual confidential information.
Rotate every GitHub Actions secret used in CI/CD pipelines.
Audit the list of VS Code extensions installed by all organization members – identified as the most urgent action this week.
Security researchers are already publishing comprehensive extension‑audit guides and KQL queries to detect lingering malicious extensions.
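As an added example (not code from the article, GitHub, or any of the researchers cited), a small Python scanner for the first self‑assessment step: it reads `git log -p --all` output and flags added lines that look like credentials, so a secret is caught at the commit that introduced it even if a later commit removed it. The pattern names, the two‑commit sample history and its values are constructed for the demo.

```python
import re

# Secret shapes a defender checks for: GitHub PAT and AWS key-ID formats are
# public; the generic rule catches "password = ..." style assignments.
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(secret|token|password|api[_-]?key)\b\s*[=:]\s*['\"]?[^\s'\"]{8,}"),
}
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})")
FILE_RE = re.compile(r"^\+\+\+ b/(.+)")


def scan_git_log(log_text):
    """Parse `git log -p --all` output; return one dict per secret-looking line.

    Only added lines are checked, so a secret is attributed to the commit that
    introduced it even if a later commit deleted it again: the 'historic
    commit' case that a scan of the current tree misses.
    """
    findings, commit, path = [], None, None
    for raw in log_text.splitlines():
        if m := COMMIT_RE.match(raw):
            commit, path = m.group(1), None
        elif m := FILE_RE.match(raw):
            path = m.group(1)
        elif raw.startswith("+"):
            for kind, pat in PATTERNS.items():
                if pat.search(raw[1:]):
                    findings.append({"commit": commit, "file": path,
                                     "kind": kind, "line": raw[1:].strip()})
    return findings


# Constructed `git log -p` output for the demo: hashes, path and values are
# made up (the AWS key is Amazon's documented example ID), not breach data.
SAMPLE_LOG = """commit 1a2b3c4d5e6f
diff --git a/.env b/.env
+++ b/.env
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+API_KEY = sk-constructed-example-value-0001
commit 9f8e7d6c5b4a
diff --git a/.env b/.env
+++ b/.env
@@ -1,2 +1,2 @@
-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_ACCESS_KEY_ID=
"""
```

Against a real repository, feed the output of `git log -p --all` to `scan_git_log`; every hit is a credential to rotate, because history travels with any cloned or stolen copy of the repository.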
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.