Microsoft may have been hacked, with 37 GB of source code for Bing, Bing Maps and Cortana stolen. Or maybe not — Microsoft has yet to confirm the data theft, which was claimed over the weekend by a purportedly Brazilian group of hackers calling themselves Lapsus$. The group seems amateurish, but its previous claims of hacking into the company networks of Nvidia, Samsung and Ubisoft have proven to be true. Today, enterprise single-sign-on provider Okta (opens in new tab) confirmed that Lapsus$ had indeed broken into its systems by stealing an employee password. On Sunday (March 20), Lapsus$ put up what appeared to be screenshots of a Microsoft Azure DevOps cloud server containing the aforementioned items. Because the screenshot showed just part of an alphabetized list of projects, it’s possible many other Microsoft assets were compromised. On Monday (March 21), according to Bleeping Computer (opens in new tab), the Lapsus$ group posted a torrent link for a 9-GB compressed archive, which when unpacked seems to be 37 GB of web-based features and mobile apps. There didn’t seem to be any desktop software, such as Windows or Microsoft Office, involved, but Bleeping Computer said the files sure looked real. Whether Microsoft did indeed have several gigabytes of source code stolen, it’s not clear exactly how that could affect the end user. A French security researcher named Soufiane Tahiri claimed that valid Microsoft digital-signature certificates had been part of the Lapsus$ leak, which might let criminals and other attackers create malware that could get past Microsoft’s defenses. However, Will Dormann of the U.S. government’s CERT Coordination Center wasn’t so sure. For the moment, we’re going to have to wait and see whether Microsoft confirms the data theft, or criminals really do start exploiting secrets disclosed by the apparently stolen data. We’ve reached out to Microsoft for comment and will update this story when we receive a reply.
title: “Microsoft May Have Been Hacked What This Means For You” ShowToc: true date: “2022-11-27” author: “Ernest Hall”
Microsoft may have been hacked, with 37 GB of source code for Bing, Bing Maps and Cortana stolen. Or maybe not — Microsoft has yet to confirm the data theft, which was claimed over the weekend by a purportedly Brazilian group of hackers calling themselves Lapsus$. The group seems amateurish, but its previous claims of hacking into the company networks of Nvidia, Samsung and Ubisoft have proven to be true. Today, enterprise single-sign-on provider Okta (opens in new tab) confirmed that Lapsus$ had indeed broken into its systems by stealing an employee password. On Sunday (March 20), Lapsus$ put up what appeared to be screenshots of a Microsoft Azure DevOps cloud server containing the aforementioned items. Because the screenshot showed just part of an alphabetized list of projects, it’s possible many other Microsoft assets were compromised. On Monday (March 21), according to Bleeping Computer (opens in new tab), the Lapsus$ group posted a torrent link for a 9-GB compressed archive, which when unpacked seems to be 37 GB of web-based features and mobile apps. There didn’t seem to be any desktop software, such as Windows or Microsoft Office, involved, but Bleeping Computer said the files sure looked real. Whether Microsoft did indeed have several gigabytes of source code stolen, it’s not clear exactly how that could affect the end user. A French security researcher named Soufiane Tahiri claimed that valid Microsoft digital-signature certificates had been part of the Lapsus$ leak, which might let criminals and other attackers create malware that could get past Microsoft’s defenses. However, Will Dormann of the U.S. government’s CERT Coordination Center wasn’t so sure. For the moment, we’re going to have to wait and see whether Microsoft confirms the data theft, or criminals really do start exploiting secrets disclosed by the apparently stolen data. We’ve reached out to Microsoft for comment and will update this story when we receive a reply.
