Microsoft open source tools hacked to steal AI developer passwords
Original: Microsoft's open source tools were hacked to steal passwords of AI developers
Why This Matters
Supply chain attacks on major tech platforms threaten AI development security
Microsoft temporarily removed dozens of GitHub repositories after hackers injected password-stealing malware into open source projects used by AI developers. The affected tools include Azure services and AI development applications like Claude Code and VS Code interfaces.
Microsoft cut off access to over 70 open source projects on GitHub following a supply chain attack where hackers embedded malware to steal developer credentials. The compromised repositories primarily affected Azure cloud services and AI development tools including Claude Code, Gemini's command line interface, and VS Code extensions. Security firms Cloudsmith and OpenSourceMalware first detected the breach. Microsoft spokesperson Ben Hope confirmed the company "temporarily removed some repositories as we investigated potential malicious content" and notified affected customers. Some repositories have been restored after review while others remain offline. This marks Microsoft's second known open source breach in recent weeks, highlighting the growing threat of supply chain attacks targeting widely-used development tools to access cloud systems and customer data.