A stylized illustration of a cylindrical cup with blue arrows and lines indicating a swirling or rotational motion inside the cup.
Briefs
Finance
Free NewsletterPro Login

3,800 GitHub Repos Just Got Stolen In A Plugin Hack

Nate Gregory
Published May 21, 2026
Share:
Summary:
  • Microsoft-owned GitHub said hackers stole data from around 3,800 in-house code repos.
  • The hack started with a poisoned VS Code plugin on a worker's device.
  • A group called TeamPCP claims credit and is selling the data on a cyber forum.

A single bad plugin just gave hackers a back-door pass into one of the most key parts of tech online.

GitHub is the code-sharing site Microsoft owns. It said hackers walked off with data from about 3,800 of its in-house code repos.

The firm shared the news in a series of posts on X. The probe is still going.

How They Got In

GitHub said the hack began with a "poisoned" VS Code plugin on one worker's PC. VS Code is Microsoft's well-used code editor.

Plugins are small add-ons that bring new tools to apps. They are now a top hacker target.

One bad plugin can quietly hit thousands of devices at once.

GitHub did not name the bad plugin. It said no user data outside its in-house repos appears to have been touched.

For scale: GitHub hosts code for millions of coders and most of the world's open-source work.

Microsoft bought the site in 2018 for $7.5 billion.

We break down stories like this in plain words in Market Briefs - sent each weekday morning, with a free investing class when you sign up.

Who's Behind It

A group called TeamPCP has taken credit, with reports from The Record and Bleeping Computer.

The group is now selling the stolen data on a cyber crime forum.

This is not their first big hit. TeamPCP took more than 90 gigs of data from the European Commission last time.

They got in by first breaking into Trivy, a small tool used to scan for bugs.

OpenAI was hit in a like-style attack on Tanstack, a small site used by web coders.

The pattern is plain: hackers go after small tools that coders trust, then ride those tools into much bigger firms.

These "supply chain" hacks have spiked of late. One bad tool can hit thousands of users at once.

What To Watch

The big question is what was inside the stolen repos.

In-house code can hold keys, security info, and unreleased product plans that hackers can resell or use to break into more firms.

For Microsoft investors, the timing stings. The firm sells itself as a top name in tech safety.

A hack of its own coder site is not a great look.

The broader risk is supply chain. If one bad plugin can hit GitHub, the same trick can hit other big sites.

That puts more weight on tech safety firms that scan for these threats.

Stocks in that space could see fresh buyer interest.

Hackers keep targeting the small tools that big firms rely on. Each new hack adds to the case for more spend on safety.

Microsoft and GitHub have not said yet if anything big was leaked. Until they do, the safer bet is that this story is not done.

More details from the probe could land in the days ahead.

If you want to stay on top of news like this and what it means for tech stocks, join Market Briefs - the daily wrap comes with a 45-minute investing course thrown in for free.

Disclosure

Get Market Briefs delivered to your inbox every morning for free!

No fluff. No noise. No politics. Just finance news you can read in 5 minutes.

Recent News

1 2 3 566

Blogs

May 5, 2026
How to Create Multiple Income Streams: A Beginner's Playbook
By Milena Thomas
  • Most people rely on a single income stream from their job - which is also the most heavily taxed.
  • Multiple income streams come from a mix of cash flow, dividends, side businesses, real estate, and royalties.
  • The fastest path for most beginners is starting with one extra stream - usually dividends or a side hustle - and stacking from there.
Read More
May 5, 2026
The 60/40 Portfolio Explained: A Beginner's Guide
By Nate Gregory
  • A 60/40 portfolio holds 60% in stocks and 40% in bonds (or other fixed income).
  • It's designed to balance growth from stocks with stability from bonds.
  • Your "right" mix depends on age, time horizon, income needs, and how well you sleep when markets drop.
Read More
May 5, 2026
How to Invest in Silver: A Beginner's Guide
By Jackson Moreland
  • Silver is both a precious metal and an industrial metal, used in solar panels, electronics, and medical tech.
  • Investors can buy silver four main ways: physical bars and coins, ETFs, mining stocks, or futures contracts.
  • Most beginners are best served by allocating a small slice of their portfolio to silver - usually between 1% and 3%.
Read More
May 1, 2026
Asset Allocation by Age: The Right Portfolio Mix at Every Stage of Life
By Andre Savage
  • Younger investors should hold mostly stocks because they have decades to recover from crashes and benefit from compounding.
  • Allocations gradually shift toward bonds and stable income as retirement approaches, but stocks remain important even past age 65 to outpace inflation.
  • Annual rebalancing is essential - it forces you to buy low and sell high while keeping your portfolio aligned with your actual life stage.
Read More
April 30, 2026
Stablecoin Explained: Why Some Cryptocurrencies Actually Aren't Volatile
By Jackson Moreland
  • Stablecoins are cryptocurrencies pegged to stable assets like the US dollar, giving crypto-style speed and access without the volatility of Bitcoin or Ethereum.
  • Fiat-backed stablecoins like USDC are the safest option, while algorithmic stablecoins have failed spectacularly and should generally be avoided.
  • Stablecoins fit a portfolio as cash reserves with better yields, a hedge against crypto volatility, and a fast, cheap rail for international transactions.
Read More
April 30, 2026
Buy Now, Pay Later Risks: Why This "Easy" Payment Method Is Dangerous to Your Wealth
By Nate Gregory
  • Buy now, pay later services like Klarna, Affirm, and Sezzle are debt products designed to feel harmless while keeping users in a cycle of overspending.
  • BNPL exploits psychological debt blindness, triggers late fees, and damages credit scores without helping users build positive credit history.
  • Building real wealth means waiting 30 days, paying upfront when you have the cash, and avoiding systems built to extract money from your future income.
Read More
April 30, 2026
Dividend Payout Ratio: The Secret Metric That Shows If a Stock Is Safe or Risky
By Jackson Moreland
  • Dividend payout ratio is total dividends paid divided by net income, showing the percentage of earnings a company returns to shareholders.
  • A 20-50% payout ratio is generally safe and sustainable, while ratios above 75% often signal a dividend cut is coming.
  • High dividend yields can be warning signs, not opportunities - safety and dividend growth matter more than the headline yield number.
Read More
April 30, 2026
Ethereum for Beginners: What It Is and Why Smart Investors Are Paying Attention
By Milena Thomas
  • Ethereum is a blockchain platform that runs smart contracts, while Ether (ETH) is the cryptocurrency that powers the network.
  • Use cases include decentralized finance, NFTs, gaming, supply chain tracking, and digital identity - many still experimental.
  • Most investors should treat Ethereum as a small allocation hedge using dollar-cost averaging, not a get-rich-quick lottery ticket.
Read More
April 30, 2026
Dollar Cost Averaging Strategy: How to Beat Emotion and Build Wealth Steadily
By Nate Gregory
  • Dollar cost averaging means investing the same amount at regular intervals regardless of what the market is doing.
  • The strategy automatically buys more shares when prices are low and fewer when prices are high, lowering your average cost over time.
  • DCA removes emotion, eliminates the need to time the market, and turns volatility into a mathematical advantage for long-term investors.
Read More
April 30, 2026
The BRRRR Strategy: How to Build Real Estate Wealth Without Big Money Down
By Andre Savage
  • BRRRR stands for Buy, Rehab, Rent, Refinance, Repeat - a five-step framework for scaling real estate without saving for big down payments.
  • The strategy works by buying distressed properties below market value, adding value through smart renovations, and pulling out equity through refinancing.
  • Tax advantages like depreciation and mortgage interest deductions make BRRRR a powerful tool for owners willing to manage tenants and contractors.
Read More
1 2 3 20
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Bluesky
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Copy link
CopyCopied