Microsoft’s Open Source Tools Hacked to Steal AI Developers' Passwords
Microsoft’s Open Source Tools Hacked 🚨
Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
At least 70 projects belonging to Microsoft have been disabled, per a message loading when trying to access the projects’ pages on GitHub, a code-hosting site that Microsoft owns. “Access to this repository has been disabled by GitHub Staff due to a violation of GitHub’s terms of service.”
OpenSourceMalware stated that Microsoft’s latest incident is a “re-compromise” of the Durable Task project, suggesting that Microsoft may not have eradicated the hackers on its first attempt or an entirely new, distinct breach.