Lapsus$ posted “GITHUB INTERNAL” to its dark web leak directory on June 13, offering 3,800 stolen GitHub internal repositories to the highest private bidder and threatening a public torrent release if no buyer comes forward — 25 days after GitHub confirmed its internal systems had been exfiltrated through a malicious VS Code extension.
How a Malicious VS Code Extension Gave Lapsus$ 3,800 GitHub Internal Repositories
GitHub’s May 20 disclosure identified a malicious VS Code extension as the initial access vector for the breach. GitHub engineers use VS Code as their primary development environment, which means the attackers compromised GitHub’s internal repositories by targeting the tools GitHub’s own developers use to build the platform. A supply chain attack that begins inside the development toolchain of the world’s largest code hosting platform positions the attacker to exfiltrate materials — internal automation scripts, security tooling, AI model artifacts — that never pass through external-facing infrastructure at all.
GitHub confirmed the exfiltration of approximately 3,800 internal repositories in that disclosure. The company has not confirmed or denied the specific scope, categories, or figures described in Lapsus$’s June 13 dark web listing.
What Lapsus$’s GitHub Listing Claims the 3,800 Repositories Contain
Lapsus$’s listing describes stolen data spanning GitHub Actions workflows, GitHub Copilot internal projects, CodeQL security tooling, Dependabot, Codespaces, internal infrastructure, and security operations tools. The group claims 299 GitHub employees were compromised, 2,504,650 users were affected, 117 third-party employee credentials were exposed, and 135 external attack surface points were identified.
All of those figures remain unverified by GitHub. Lapsus$ has a documented track record of accurate breach claims — Microsoft, NVIDIA, Samsung, Rockstar Games, Adidas, AstraZeneca, and Vodafone all confirmed significant data losses following initial Lapsus$ announcements — but the specific counts and categories in the GitHub listing cannot be treated as confirmed until GitHub responds with its own assessment.
Why 25 Days Elapsed Between GitHub’s Disclosure and the Lapsus$ Dark Web Listing
GitHub disclosed the exfiltration on May 20; the Lapsus$ listing appeared 25 days later. That gap reflects the time spent sorting, categorizing, and appraising 3,800 repositories before establishing the listing’s commercial value. Identifying which repositories contain proprietary AI model artifacts, internal security scanning logic, or infrastructure credentials — rather than routine project code — requires substantial manual review at that volume.
The “public torrent if no buyer” structure follows Lapsus$’s established monetization approach. A private sale preserves the data’s commercial exclusivity; a public torrent release destroys resale value entirely. The threat to release publicly if no private buyer emerges applies indirect pressure on GitHub to consider engaging directly, while also narrowing the window for competing buyers.
What GitHub Copilot and CodeQL Source Code in Hostile Hands Means for Developers
GitHub Copilot is an AI coding assistant embedded in hundreds of millions of developer environments. Internal Copilot source code would expose proprietary AI prompting structures, safety layer implementation, and the software architecture bridging the model to editor integrations. For security researchers and adversarial actors, that kind of internal source material carries more intelligence value than the compiled shipping product available to the public.
CodeQL is GitHub’s code security scanning engine, used to automatically analyze repositories for vulnerability patterns. Internal CodeQL source would hand a buyer a map of what vulnerability signatures the scanner recognizes and, by implication, which patterns it does not flag. That gap between what CodeQL detects and what it misses is directly valuable to anyone seeking to write code that passes automated security review while retaining exploitable conditions.
Lapsus$ operates as part of the Scattered Lapsus$ Hunters conglomerate, formed through its merger with Scattered Spider and ShinyHunters in mid-2025. The group’s confirmed historical breaches across major technology companies reflect a consistent targeting pattern: high-value intellectual property accessed through developer toolchain entry points rather than external network perimeters. The GitHub listing represents the group’s most significant claimed acquisition of platform infrastructure source code since its documented breach of Microsoft’s Azure DevOps environment.