Microsoft - Data Breach
Executive Summary
Microsoft shut down over 70 of its GitHub repositories, including Azure and AI-related projects, after hackers planted malware designed to steal credentials from users of AI coding tools like Claude Code and Gemini CLI. When developers opened compromised packages in these tools, the malware would harvest their login information. Microsoft is currently investigating the breach, though the full scope remains unclear.
What Happened
Microsoft shut down more than 70 of its GitHub repositories, including Azure and AI-related projects, following the discovery of planted malware in at least one compromised package. The malware was designed to harvest developer credentials when opened in AI coding tools such as Claude Code and Gemini CLI. Microsoft confirmed it is investigating the breach, though the full extent of the compromise and the number of affected repositories remain unclear.
Who Is Affected
Software developers who accessed or downloaded the compromised packages from Microsoft's GitHub repositories are potentially affected, particularly those using AI-powered coding assistants like Claude Code or Gemini CLI. Any developers whose credentials were harvested could face unauthorized access to their accounts and associated systems. The geographic scope of impact is unclear but likely global given GitHub's worldwide developer base.
Why It Matters
This incident demonstrates that even major technology companies' official repositories can be compromised to distribute credential-stealing malware, undermining trust in software supply chains. The targeting of AI coding tools represents an emerging attack vector as developers increasingly rely on AI assistants for development work. The breach's scale - affecting more than 70 repositories from a single major vendor - suggests a sophisticated campaign that could have widespread ripple effects across organizations using Microsoft's development tools and libraries.
What You Should Do
If you are a developer who recently accessed Microsoft GitHub repositories or used packages from them in AI coding tools, immediately change your GitHub credentials and any associated passwords. Review your account activity logs for unauthorized access or suspicious commits. Scan your development environments for malware and consider rotating API keys, tokens, and other secrets that may have been exposed. Enable two-factor authentication on all development accounts if not already active.
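Before rotating "API keys, tokens, and other secrets that may have been exposed", a developer needs an inventory of which secrets actually lived on the workstation the AI coding tool ran on. The script below is an added example, not Microsoft's or GitHub's tooling and not from the original page: it scans a handful of credential files that developer tools commonly write under a home directory and reports each token-looking value in redacted form, so the owner knows what to revoke. The file list and the token prefixes are assumptions based on common tool conventions, and the sample files in the usage block are constructed.

```python
"""Inventory credential-looking strings under a developer's home directory so
they can be rotated. Added example; the candidate file list and the token
patterns are assumptions, not an official list from any vendor."""
import re
from pathlib import Path

# Files that developer tools commonly use to persist tokens (assumed list,
# relative to the scanned root).
CANDIDATE_FILES = [
    ".git-credentials", ".npmrc", ".pypirc", ".netrc", ".env",
    ".aws/credentials", ".config/gh/hosts.yml",
]

# Most specific kinds first: when two patterns hit the same value on the same
# line, the first kind wins during de-duplication.
PATTERNS = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_pat_fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # user:password@ embedded in a URL, e.g. a .git-credentials entry
    "url_embedded_password": re.compile(r"https?://[^/\s:@]+:([^@\s]+)@"),
    # KEY=value / key: value assignments whose name suggests a secret
    "generic_assignment": re.compile(
        r"(?i)(?:token|api[_-]?key|secret\w*|password)\s*[=:]\s*['\"]?([^\s'\"]{8,})"
    ),
}


def redact(value: str) -> str:
    """Keep just enough of the value to recognise which token it is."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "..."


def scan_text(text: str, source: str) -> list:
    """Return one finding per distinct (line, value) pair found in `text`."""
    seen = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                seen.setdefault((lineno, value), {
                    "source": source,
                    "line": lineno,
                    "kind": kind,
                    "redacted": redact(value),
                })
    return list(seen.values())


def scan_root(root) -> list:
    """Scan every candidate file that exists under `root`."""
    root = Path(root)
    findings = []
    for rel in CANDIDATE_FILES:
        path = root / rel
        if path.is_file():
            findings.extend(scan_text(path.read_text(errors="ignore"), rel))
    return findings


if __name__ == "__main__":
    # Run against the real home directory; only redacted values are printed.
    for f in scan_root(Path.home()):
        print(f"{f['source']}:{f['line']}  {f['kind']:<24} {f['redacted']}")
```

Each reported line corresponds to a credential to revoke at its issuer (GitHub, the cloud provider, the package registry) rather than merely delete from disk: the file contents are exactly what a credential-stealing package would have read.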
Summary generated from verified sources and reviewed before publication.