Microsoft's open source tools were hacked to steal passwords of AI developers(techcrunch.com)
538 points by raffael_de 2 days ago | 185 comments
tl;dr: Microsoft disabled at least 70 of its GitHub repositories—many related to Azure and AI coding tools like Claude Code, Gemini CLI, and VS Code—after hackers injected password-stealing malware targeting developers who used them. The company confirmed the takedown and notified affected customers, though it hasn't disclosed how many were impacted. Researchers say this appears to be a re-compromise of Microsoft's Durable Task project, which was breached in a similar supply-chain attack in mid-May.
HN Discussion:
  • AI coding assistants and lax token/RBAC practices have dramatically increased supply chain risk
  • The article's framing unfairly blames open source rather than Microsoft's practices
  • Developers should use sandboxing and stricter security policies to limit attack blast radius
  • Questioning how obfuscated code passed reviews and noting the title misleads about scope of impact
  • Microsoft's repeated security failures undermine trust in them for critical infrastructure
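An added illustration of the blast-radius point above (not code from the article, from the Durable Task project, or from any of the tools it names): a small Python wrapper that launches a third-party developer CLI with a deny-by-default environment and a throwaway HOME, so a credential stealer riding along in a compromised tool finds neither token variables nor dotfiles to harvest. The allow-list of environment variables and the secret-name heuristic are assumptions chosen for this example, not anything the article describes.

```python
"""Run a third-party developer tool with a scrubbed environment.

Added example; not code from the article, from the Durable Task project or
from any of the tools named above. It shows one cheap blast-radius control:
an allow-list for environment variables plus a throwaway HOME, so a password
stealer hidden in a tool finds neither token env vars nor dotfiles. The
allow-list and the secret-name regex are assumptions, not a standard.
"""
import os
import re
import subprocess
import sys
import tempfile

# Variables a typical CLI legitimately needs (assumed; extend per tool).
SAFE_ENV_ALLOWLIST = {"PATH", "LANG", "LC_ALL", "LC_CTYPE", "TERM", "TZ"}

# Heuristic for credential-bearing variable names (constructed for this example).
SECRET_NAME_RE = re.compile(
    r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|CREDENTIAL|PRIVATE_?KEY",
    re.IGNORECASE,
)


def scrub_env(env):
    """Deny-by-default copy of env: keep only allow-listed names."""
    return {k: v for k, v in env.items() if k in SAFE_ENV_ALLOWLIST}


def leaked_secrets(env):
    """Variable names that look like credentials, i.e. what a tool run
    without scrubbing would have been able to read and exfiltrate."""
    return sorted(k for k in env if SECRET_NAME_RE.search(k))


def run_sandboxed(argv, base_env=None, timeout=60):
    """Run argv with a scrubbed environment, a fresh temporary HOME and an
    empty working directory. Returns the CompletedProcess.

    This is environment hygiene, not a kernel sandbox: the child keeps the
    caller's filesystem and network access. Pair it with a container or a
    bubblewrap/firejail-style sandbox for real isolation.
    """
    base_env = os.environ if base_env is None else base_env
    with tempfile.TemporaryDirectory() as scratch:
        env = scrub_env(base_env)
        env["HOME"] = scratch  # no ~/.git-credentials, ~/.npmrc, ~/.azure to read
        env["XDG_CONFIG_HOME"] = os.path.join(scratch, ".config")
        return subprocess.run(
            argv, env=env, cwd=scratch, capture_output=True, text=True, timeout=timeout
        )


def child_env_names(base_env):
    """Spawn a Python child under run_sandboxed and return the variable
    names it could see (used to check that nothing sensitive leaked)."""
    probe = "import os; print('\\n'.join(sorted(os.environ)))"
    result = run_sandboxed([sys.executable, "-c", probe], base_env=base_env)
    return result.stdout.split()


if __name__ == "__main__":
    # Constructed sample environment standing in for a developer's shell.
    sample = {
        "PATH": os.environ.get("PATH", "/usr/bin"),
        "HOME": "/home/dev",
        "GITHUB_TOKEN": "ghp_example",
        "AZURE_CLIENT_SECRET": "example",
        "NPM_TOKEN": "example",
    }
    print("would leak without scrubbing:", leaked_secrets(sample))
    print("child actually saw:", child_env_names(sample))
```

Running the file directly prints which variables in the constructed sample shell would have been exposed and which the child actually saw. The caveat in the docstring matters: this is environment hygiene, not isolation. The child still has the caller's filesystem and network, so it complements rather than replaces a container or bubblewrap-style sandbox, and it does nothing about credentials stored in files the tool can reach outside HOME.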