🚨 SCOOP: GitHub hacked — 3,800 repos stolen via VS Code — OpenAI and Mistral AI also hit — confirmed this morning
💻 GitHub / VS Code 🚨 Breaking

GitHub Hacked: 3,800 Repos Stolen via Malicious VS Code Extension — OpenAI and Mistral AI Also Hit

GitHub has confirmed this morning an attack of unprecedented scale: hackers accessed 3,800 internal private repositories, including source code, secrets and authentication tokens. The entry point? A simple malicious VS Code extension, Nx Console, installed by millions of developers. And GitHub is not alone: OpenAI, Mistral AI and Grafana Labs were hit by the same attack chain.

Key figures:
  • 3,800 GitHub internal repos compromised
  • 2M+ installations of the poisoned Nx Console extension
  • 4 tech giants hit: GitHub, OpenAI, Mistral, Grafana

🔗 The attack chain — how it all started

This affair is a perfect example of a cascading supply chain attack: a single initial point of compromise contaminated dozens of organisations within days, like a digital domino effect.

⛓️ The infection chain — from first link to GitHub
  • 📦 TanStack: popular npm package compromised first
  • 💻 Nx Console: VS Code extension infected after TanStack
  • 🔑 Stolen tokens: GitHub credentials of developers stolen
  • 🏢 GitHub / OpenAI / Mistral: internal repos accessed

Here is the precise sequence as confirmed by GitHub and security researchers:

  • Step 1 — TanStack compromised: Hackers infected the TanStack/router npm package, a very popular JavaScript library, by exploiting weaknesses in the publishing process
  • Step 2 — Nx Console infected: One of the Nx team developers had their workstation compromised via TanStack. Hackers then published a malicious version of the Nx Console VS Code extension
  • Step 3 — Millions of devs infected: Developers worldwide updated Nx Console without suspecting anything, silently downloading malware that steals GitHub tokens
  • Step 4 — Access to private repos: With the stolen tokens, hackers were able to access the private GitHub repositories of their victims — including employees of GitHub itself, OpenAI, Mistral AI and Grafana Labs

🏢 Who was affected?

🐙 GitHub (Microsoft)
3,800 internal private repositories compromised. Source code, infrastructure secrets and access tokens potentially exposed. GitHub immediately revoked all compromised tokens.
🤖 OpenAI
OpenAI developers used Nx Console in their workflows. The exact extent of the compromise has not been disclosed. OpenAI confirmed the incident without giving details.
🇫🇷 Mistral AI
Already hit by the TanStack attack on its NPM/PyPI packages (which we reported on 14 May), Mistral is again involved in this new wave. A double blow for the French AI startup.
📊 Grafana Labs
The company behind the open-source Grafana monitoring tools (used by millions of companies worldwide) is also affected. Potential impact on critical infrastructure monitoring data.

😱 Why this is particularly serious

What makes this attack exceptionally dangerous is what is inside the internal GitHub repositories of companies like OpenAI or GitHub itself:

🚨 What hackers may have obtained
  • Proprietary source code — the internal algorithms of OpenAI and Mistral AI models
  • API keys and secrets — credentials giving access to entire cloud infrastructures
  • Training data — the datasets used to train AI models
  • Internal vulnerabilities — unpatched flaws in their products
  • Infrastructure blueprints — the technical architecture of the world's most secure systems
  • Customer data — depending on how the repositories were organised

💡 What this means for you — even if you're not a developer

This attack doesn't directly affect everyday users — but its consequences concern you indirectly and deeply.

⚠️ Indirect risks for everyday users
  • If you use ChatGPT (OpenAI) — internal code may have been stolen, which could eventually be used to build fake versions of ChatGPT designed to trick you
  • If you use Le Chat (Mistral AI) — second incident in a week for Mistral, raising questions about the platform's overall security
  • If your company uses Grafana — infrastructure monitoring data may have been exposed
  • For everyone — this attack shows that even the world's most secure companies can be compromised via a simple development tool
💡 If you're a developer — urgent actions
  • Change your GitHub password immediately
  • Revoke all your personal access tokens on GitHub: Settings → Developer settings → Personal access tokens → Delete all
  • Check your VS Code extensions — uninstall Nx Console if you have it, and any extension you didn't intentionally install
  • Audit your repositories for unauthorised access: Settings → Security → Audit log
  • Enable two-factor authentication on GitHub if not already done
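One way to automate the extension check in the list above, as an added example that is not part of the original article: it parses the output of `code --list-extensions --show-versions` and flags anything on an incident watchlist, anything not on a team allowlist, and anything that has drifted from its pinned version. The extension IDs, versions and sample listing are constructed; in particular, "example-publisher.nx-console" is a placeholder, not the real marketplace identifier of Nx Console.

```python
# Constructed pins: extension IDs the team has reviewed, with approved versions.
# "example-publisher.nx-console" is a placeholder, not the real marketplace ID.
ALLOWLIST = {
    "ms-python.python": "2026.4.0",
    "dbaeumer.vscode-eslint": "3.0.10",
    "example-publisher.nx-console": "18.20.0",
}
# Constructed watchlist: extensions implicated in an incident are flagged at any
# version, since a pin cannot tell a clean build from a poisoned one with the same number.
WATCHLIST = {"example-publisher.nx-console"}
SEVERITY = {"WATCHLIST": 0, "UNKNOWN": 1, "DRIFT": 2}

def parse_listing(text):
    """Map extension ID (lower-cased; IDs are case-insensitive) to installed version."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if "@" not in line:
            continue  # blank line or non-extension output
        ext_id, _, version = line.rpartition("@")
        installed[ext_id.lower()] = version
    return installed

def audit(installed, allowlist=ALLOWLIST, watchlist=WATCHLIST):
    """Return (severity, ext_id, version, reason) tuples, most urgent first."""
    findings = []
    for ext_id, version in installed.items():
        if ext_id in watchlist:
            findings.append(("WATCHLIST", ext_id, version, "uninstall and rotate GitHub tokens"))
        elif ext_id not in allowlist:
            findings.append(("UNKNOWN", ext_id, version, "not reviewed; installed on purpose?"))
        elif allowlist[ext_id] != version:
            findings.append(("DRIFT", ext_id, version, f"pinned {allowlist[ext_id]}"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])

# Constructed sample standing in for the real output of
# `code --list-extensions --show-versions` (one publisher.name@version per line).
SAMPLE_LISTING = """\
ms-python.python@2026.4.0
dbaeumer.vscode-eslint@3.0.9
Example-Publisher.nx-console@18.21.0
unknown-pub.helper-tool@0.0.1
"""

if __name__ == "__main__":
    for severity, ext_id, version, reason in audit(parse_listing(SAMPLE_LISTING)):
        print(f"{severity:9} {ext_id}@{version}: {reason}")
```

On a real workstation, pipe `code --list-extensions --show-versions` into `parse_listing` instead of the constructed sample; a WATCHLIST or UNKNOWN finding is the cue to uninstall and then revoke tokens as described above.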

🌍 The 2026 wake-up call — supply chain, the new Achilles' heel

This affair is part of a deep trend in 2026: supply chain attacks have become the preferred attack method of the most sophisticated hackers. Rather than directly attacking ultra-secure targets like GitHub or OpenAI, they infect tools that these targets use.

In 2026, supply chain attacks have increased by 312% compared to 2024. TanStack → Nx Console → GitHub/OpenAI/Mistral is just the latest example. The same technique hit SolarWinds in 2020, XZ Utils in 2024, and now the entire JavaScript/npm ecosystem in 2026.

❓ Frequently asked questions

Yes. GitHub officially confirmed on 21 May 2026 that hackers accessed 3,800 of its internal private repositories via a malicious version of the Nx Console VS Code extension. The entry point is the TanStack supply chain attack which also hit OpenAI, Mistral AI and Grafana Labs.
Nx Console is a very popular extension for Visual Studio Code, the world's most widely used code editor, with over 2 million installations. Hackers compromised the account of an Nx team developer to publish a malicious version that automatically stole GitHub authentication tokens from developers.
If you are a developer using GitHub with VS Code and the Nx Console extension, your authentication tokens may have been stolen. Change your GitHub password immediately, revoke all access tokens and enable two-factor authentication. If you are a regular user of GitHub-based services, your data is not directly at risk.
OpenAI and Mistral AI both used tools linked to the TanStack/Nx ecosystem in their internal workflows. The supply chain attack infected their development environments via the same chain: TanStack → Nx Console → stolen credentials → repository access. That's the nature of supply chain attacks: a single point of compromise can infect dozens of organisations.
