A related discussion: https://news.ycombinator.com/item?id=48443135

The linked story includes some details on how this sort of attack works when a developer opens an infected project. This could be very important if you use a lot of open source projects in your project.

well, I think this is so common now that it does not even get attention anymore. the worst part is that a data leak from Microsoft wouldn't really benefit anyone, since they have nothing technical of value, just ungodly amounts of money.