How many GitHub internal repositories were stolen?

About 3,800 GitHub internal repositories were affected

GitHub stated that attackers stole data from roughly 3,800 internal repositories. The breach was traced back to an employee’s use of a malicious VS Code extension, which enabled unauthorized access.

What GitHub says happened

According to the reporting, the attack did not rely on a vulnerability disclosed in public infrastructure. Instead, the access originated from a compromised development tool installed on an employee’s device.

Once the malicious extension ran, the attackers were able to reach GitHub’s internal repositories and exfiltrate information from them.

Why that figure is important

“3,800 repositories” is a scale indicator for the impact of supply-chain-style intrusions. Because extensions and npm packages are used broadly across teams, a single compromise can cascade into many internal projects—especially if the compromised tool can authenticate or act using legitimate developer permissions.

What remains unclear

The available details do not specify:

• how many employees were affected,
• whether other GitHub systems besides internal repositories were accessed, or
• the specific categories of data exfiltrated from each repository.

But the reported count is the key quantitative headline for the incident and suggests the attackers had wide reach inside GitHub’s internal development environment.