// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
Breach Record

GitHub

DISCLOSED 2026-05-01 · SUPPLY CHAIN · 3,800 RECORDS EXPOSED

In May 2026, GitHub suffered a breach where a poisoned VS Code extension was used to steal 3,800 internal repositories in just 18 minutes. The attack vector was a supply chain compromise through a malicious extension. No threat actor or ransomware involvement was mentioned.

The record

What we know

Disclosed
2026-05-01
Attack vector
Supply Chain
Sector
technology
Country
US
Records exposed
3,800
Domain
github.com
Data classes exposed
source codeinternal repositories
ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

Unclear if a positive-security model would have prevented this supply chain attack, as the extension was likely signed and trusted, and the breach involved exfiltration of repositories rather than unauthorized changes to a known-good state.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the GitHub disclosure. It updates if new public reporting emerges. All tracked breaches →

GitHub just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →