After hacking the companies like NVIDIA, Samsung, the hacking group Lapsus$ has now claimed that they hacked Microsoft too. They have posted a file in an archive that holds 37GB of data which includes the source codes of Bing and Cortana. The group also claimed that they got around 90% source codes of Bing Maps and around 45% of Cortana.
Source code for Bing and Cortana leaked by hacker group
Responding to the claims, Microsoft also has released an official statement saying,
This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.
The company makes it clear in its statement that only a single account was compromised in the hack and some sections of the source code were stolen. Microsoft also says that they have been tracking this criminal activity by the Lapsus$ group for quite some time. The company has already started remedying the compromised account and took all the necessary steps to prevent the hacking further. As per the statement, the threat intelligence team at Microsoft intervened and interrupted the hacker’s mid-operation and thus the impact wasn’t that broad.
In a detailed blog post, Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), and Microsoft 365 Defender Threat Intelligence Team explain what all a user can do to protect their online data and accounts. Do check the post and apply all the recommended measures to protect your accounts online. Microsoft also assure that they will continue to track DEV-0537’s malware, activities, tools, and tactics. \
Such hacks are getting more common each day, thus it is suggested to follow very tight operational security practices, especially the organizations.