GitHub has confirmed a security breach involving its internal code repositories, compromised through a malicious Visual Studio Code extension. The breach affected approximately 3,800 internal repositories, though external user data and repositories remain unaffected. The attackers, identified as TeamPCP, have claimed responsibility and are attempting to sell the stolen data on underground forums. In response, GitHub has removed the malicious extension, isolated affected devices, and rotated critical credentials. The company is conducting a thorough investigation and plans to release a comprehensive incident report. Developers are advised to proactively rotate API keys and credentials as a precautionary measure.