"We have checked our own environments thoroughly and found no traces of compromise. We suspect this may be part of the broader GitHub infrastructure breach carried out by the TeamPCP hacking group in May 2026: https://techcrunch.com/2026/05/20/github-says-hackers-stole-..."
Greater HN collective, please help me metaphorically double-click on this. I've poked around a bit but didn't find out much more than the given link. What are we concerned about the hack possibly having accomplished?
Because stealing repos is bad enough... but are we saying it's possible that commits can now magically appear in repos from hackers? I don't want to raise any alarms if I'm misreading this or if we're early in the news cycle, but if that's possible, I and a lot of other people reading this need to have some immediate conversations with a lot of people. So... is that what this is saying? Or am I misreading it? I sure hope so.
I was impacted. found weird spam repos that later were deployed on cloudflare redirecting my domains.
meanwhile the gitea running on my metalbox for nearly a decade has seen no compromise and 100% uptime when cloudflare has gone down repeatedly
im rethinking the whole "go where crowd is" , while great from evolutionary point of view, its the complete opposite. Where the crowd gathers online is the most dangerous place.
* GitHub's backwards priorities end up causing a hack on their systems.
* Hackers use their newly gained powers to compromise other people's repos.
* GitHub dectects compromised repo, and suspends the account of its maintainer, so they cannot warn nor act against it to protect or at least warn their community of users.
"I cause a fire, and later ban you for getting burned."
I had a repo with more than a dozen forks banned on GitHub for some unclear TOS violations. Ticket has been sitting for a week plus now, asking for clarification and guidance.
It's a running a fork (codeberg specific) of a fork of gitea called forgejo (https://codeberg.org/forgejo/forgejo) so it's not surprising. The people behind it were a bit miffed at Gitea doing some questionable commercial endeavors in their view and also not dog-fooding Gitea for Gitea.
Looking at the setup.js it seems to be an infostealer which posts the found details to a newly created github repo (on the victims account) or a command and control server. As far as I can tell it looks for github secrets and kubernetes cluster secrets.
Greater HN collective, please help me metaphorically double-click on this. I've poked around a bit but didn't find out much more than the given link. What are we concerned about the hack possibly having accomplished?
Because stealing repos is bad enough... but are we saying it's possible that commits can now magically appear in repos from hackers? I don't want to raise any alarms if I'm misreading this or if we're early in the news cycle, but if that's possible, I and a lot of other people reading this need to have some immediate conversations with a lot of people. So... is that what this is saying? Or am I misreading it? I sure hope so.
meanwhile the gitea running on my metalbox for nearly a decade has seen no compromise and 100% uptime when cloudflare has gone down repeatedly
im rethinking the whole "go where crowd is" , while great from evolutionary point of view, its the complete opposite. Where the crowd gathers online is the most dangerous place.
* GitHub's backwards priorities end up causing a hack on their systems.
* Hackers use their newly gained powers to compromise other people's repos.
* GitHub dectects compromised repo, and suspends the account of its maintainer, so they cannot warn nor act against it to protect or at least warn their community of users.
"I cause a fire, and later ban you for getting burned."
No wonder people are leaving.
I had a repo with more than a dozen forks banned on GitHub for some unclear TOS violations. Ticket has been sitting for a week plus now, asking for clarification and guidance.
So, it lives in codeberg now. https://codeberg.org/nelsonjchen/op-replay-clipper