Microsoft confirms it was hacked, says stolen Bing and Cortana source code relatively unimportant

Over the weekend, a cyber extortion gang called Lapsus$ claimed to have stolen source codes for Bing and Cortana from Microsoft’s Azure DevOps server. The gang posted a screenshot of the compromised account on its Telegram channel along with a torrent link to download the 37GB source code archive. They claim the file contains 90% of the codes for Bing Maps and 45% for Bing – presumable the search engine – and Cortana, Microsoft’s digital voice assistant.

Microsoft did not immediately confirm that Lapsus$ gained access into internal servers as they were in the midst of an investigation. But today, it officially confirmed that Lapsus$ did compromise its systems. Referring to the gang as DEV-0537, Microsoft said they had gained access to a single employee’s account which granted limited access. What Microsoft defines as limited access wasn’t detailed, but it assures that no customer code or data was stolen during the incident.

According to the software giant, “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.’

As for the source codes that have been exposed to the public, Microsoft says that “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Essential, what this means is the stolen source codes were not confidential nor proprietary, so it poses no harm to the company’s operations.

Leaked codes. Image source: BleepingComputer

Whether there were any demands made was not disclosed by Microsoft, but judging by the insignificance of the source code, I assume that the gang did not make any or Microsoft might have ignored any demands made.

Something else that Microsoft did not disclose is how exactly Lapsus$ compromised the employee’s account. It only provided the public and other corporations a general outline on how to mitigate a cyberattack. You can click here to read the full blog post, but I would like to highlight one method from the article that can be used by everyone.

If possible, you should enable multi-factor authentication or two-factor authentication (2FA). This means that you will be required to provide a second means of confirming your identity on top of your username and password. It’s recommended that you use a number matching authenticator like Microsoft Authenticator or Google Authenticator. Please, avoid using weak authentication means like SMS and email as these can be easily intercepted by SIM-jacking and compromised email accounts respectively.

Microsoft said it will continue to track the activities, tactics, malware, and tools of Lapsus$ via its Microsoft Threat Intelligence Center (MSTIC). If there are any updates, it will share additional insights and recommendations.

[ SOURCE , VIA , IMAGE SOURCE ]

Recent Posts

Xiaomi’s first clamshell foldable smartphone redefines style in a compact yet powerful form

This post is brought to you by Xiaomi. Combining cutting-edge technology with a sleek, foldable…

1 hour ago

GXBank to rollout GX FlexiCredit this month, GX Biz Banking for MSME coming soon

During its GX 2.0 event, GXBank revealed its new digital financial products aimed at helping…

2 hours ago

GX 2.0: GXBank continues to offer unlimited cashback with some tweaks

GXBank turns one and they have revealed its latest features and initiatives for its next…

3 hours ago

MG ZS EV now available for RM99,999: The cheapest electric SUV in Malaysia

You can now get an MG ZS EV for as low as RM99,999, making it…

4 hours ago

Prime Minister’s Department: Over 1,500 cyberattacks launched at ministries’ infrastructure systems

There have been over 1,500 cases of cyberattacks launched against Malaysian ministries' infrastructure systems in…

9 hours ago

Malaysia’s largest DC charging hub is opening soon at Iskandar Puteri, Johor

DC Handal is expected to unveil what appears to be Malaysia's largest EV charging hub…

1 day ago

This website uses cookies.