Microsoft's open source tools were hacked to steal passwords of AI developers

Microsoft yanked access to dozens of GitHub projects after attackers apparently slipped password-stealing code into tools tied to Azure and apps developers use to build with artificial intelligence helpers. In plain English: people downloaded tools they thought were safe, and opening them could hand over secret login details. Microsoft says some projects are back, others are still offline, and a small number of customers were warned directly. But the big gasp from the crowd wasn’t just the hack — it was who got hacked: Microsoft, owner of GitHub, getting hit on its own turf.

The comment section’s mood was basically: of course this happened. One dry line summed up the exhaustion perfectly: “another day, another supply chain vulnerability.” Translation for non-security people: yet another case where hackers poison trusted software so the damage spreads far and wide. Others immediately went full detective mode, posting links to lists of the 73 disabled repositories and connecting it to earlier reports, including claims this may be a repeat compromise rather than a one-off disaster. That turned the story from “bad day at Microsoft” into “wait, did they not fully clean this up the first time?”

And then came the dark comedy. One commenter casually noted that even a Homebrew tap got caught in the mess, widening the panic. Another dropped the bleakly funny slogan, “The Age of Agentic Development,” which reads like both a meme and a warning label. The vibe? Equal parts weary, nosy, and brutally amused that the future of AI coding just got a very old-school password heist.