Intercom is a privately owned company headquartered in the US. Founded in 2011, it employs approximately 1,300 people. The company specializes in software development, providing customer engagement solutions.
On May 1, 2026, The Register reported that widely used software packages, including SAP Intercom and Lightning, were repeatedly exposed to attacks in which malicious actors planted malware inside official downloads used by developers. Earlier on May 1, a sophisticated worm identified as ‘Mini Shai-Hulud’ attacked multiple open-source ecosystems, targeting developer credentials and continuous integration environments; it specifically breached the popular PyTorch Lightning package on PyPI and the Intercom client on npm.
This followed a cross-ecosystem supply chain attack on April 30, 2026, when the Mini Shai-Hulud campaign simultaneously compromised `intercom-client@7.0.4` on npm and versions `2.6.2` and `2.6.3` of PyTorch Lightning on PyPI. These malicious versions triggered automatic code execution on import (Python) and on install (npm), enabling widespread credential harvesting.
On the same day, Mini Shai-Hulud also moved into Packagist, where attackers replaced the contents of Intercom’s official PHP client, `intercom/intercom-php@5.0.2`, with a credential-stealing payload. The compromised PHP client, which has over 20.7 million lifetime installs, used Composer plugin execution to download Bun and run an obfuscated credential-stealing payload at install time, making it capable of quickly impacting high-value developer and CI/CD environments.
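A defensive check for the releases named above, added here as an example and not taken from Intercom, Lightning or the reporting: it scans a `package-lock.json`, a `composer.lock` and a pinned `requirements.txt` for the listed versions. The PyPI distribution names `lightning` and `pytorch-lightning` are assumptions, since the report names only the project, and all function and variable names are illustrative.

```python
import json
import re

# Versions named as malicious in the report above. The npm and Packagist names
# are as written there; the PyPI distribution names are an assumption (the
# report names the project, not the distribution).
BAD = {
    "npm": {"intercom-client": {"7.0.4"}},
    "composer": {"intercom/intercom-php": {"5.0.2"}},
    "pypi": {"lightning": {"2.6.2", "2.6.3"},
             "pytorch-lightning": {"2.6.2", "2.6.3"}},
}

def scan_npm_lock(text):
    """package-lock.json v2/v3: keys look like 'node_modules/a/node_modules/b'."""
    hits = []
    for path, meta in json.loads(text).get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]  # innermost package name
        if meta.get("version") in BAD["npm"].get(name, ()):
            hits.append(("npm", name, meta["version"], path))
    return hits

def scan_composer_lock(text):
    """composer.lock lists packages under 'packages' and 'packages-dev'."""
    lock = json.loads(text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            version = pkg.get("version", "").lstrip("vV")  # tags may be 'v5.0.2'
            if version in BAD["composer"].get(name, ()):
                hits.append(("composer", name, version, section))
    return hits

PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")

def scan_requirements(text):
    """Pinned 'name==version' lines; names compared in PEP 503 normalised form."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        if m.group(2) in BAD["pypi"].get(name, ()):
            hits.append(("pypi", name, m.group(2), f"line {lineno}"))
    return hits

# Constructed sample, not a real requirements file.
SAMPLE_REQS = "torch==2.3.0\nLightning==2.6.3  # pinned\nlightning>=2.6.2\n"
```

Unpinned specifiers such as `>=` are not flagged, so resolve them to the installed version before relying on a clean result.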