Microsoft confirmed on Tuesday night that after an investigation, it was found that some of the source code of some of the company’s products had been stolen by hackers.
Released on Monday night by the “Lapsus$” hacker group, a 9GB zip file is available for external download. It is said that there are more than 250 internal projects of Microsoft Corporation in this archive. It contains 90% of the Bing source code and approximately 45% of the Bing Maps and Cortana source code.
The data is said to come from Microsoft’s Azure DevOps server.
Early Sunday morning, Lapsus$ posted a screenshot on its Telegram channel showing that they had broken into Microsoft’s Azure DevOps Server, which contains source code for Bing, Cortana, and numerous other internal projects.
The uncompressed 37 GB collection does appear to be Microsoft’s source code, security researchers said. Some projects also include emails and documentation for Microsoft engineers to publish apps. These projects target web-based infrastructure, websites, or mobile applications and do not have source code for Microsoft desktop software, including Windows, Windows Server, and Microsoft Office.
Microsoft said it was aware of the group’s actions and was actively investigating the alleged intrusions and leaks.
Microsoft refers to Lapsus$ as DEV-0537, saying it hacked into “a single account” and stole the source code of some products. Microsoft investigators have been tracking the Lapsus$ group for weeks, detailing some of the methods they use to compromise victims’ systems, according to a blog post on Microsoft’s security site.
Microsoft insisted that the leaked code wasn’t serious enough to raise the risk, and its response team kept hackers out of the way.
It was previously reported that Lapsus$ obtained 1TB of Nvidia data, including driver, schematics or firmware information, as well as source code related to the operation of Samsung Galaxy devices. These intrusions and data thefts have been officially confirmed by NVIDIA and Samsung.
Identity company Okta said it detected an attempt to compromise the account of a third-party customer support engineer. Lapsus$ claimed that it did not access or obtain Okta’s own data, but that of its customers, including Cloudflare, Grubhub, Peloton, Sonos, T-Mobile and Yahoo.