Microsoft confirms it was hacked, says stolen Bing and Cortana source code relatively unimportant

Over the weekend, a cyber extortion gang called Lapsus$ claimed to have stolen source codes for Bing and Cortana from Microsoft’s Azure DevOps server. The gang posted a screenshot of the compromised account on its Telegram channel along with a torrent link to download the 37GB source code archive. They claim the file contains 90% of the codes for Bing Maps and 45% for Bing – presumable the search engine – and Cortana, Microsoft’s digital voice assistant.

Microsoft did not immediately confirm that Lapsus$ gained access into internal servers as they were in the midst of an investigation. But today, it officially confirmed that Lapsus$ did compromise its systems. Referring to the gang as DEV-0537, Microsoft said they had gained access to a single employee’s account which granted limited access. What Microsoft defines as limited access wasn’t detailed, but it assures that no customer code or data was stolen during the incident.

According to the software giant, “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.’

As for the source codes that have been exposed to the public, Microsoft says that “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Essential, what this means is the stolen source codes were not confidential nor proprietary, so it poses no harm to the company’s operations.

Leaked codes. Image source: BleepingComputer

Whether there were any demands made was not disclosed by Microsoft, but judging by the insignificance of the source code, I assume that the gang did not make any or Microsoft might have ignored any demands made.

Something else that Microsoft did not disclose is how exactly Lapsus$ compromised the employee’s account. It only provided the public and other corporations a general outline on how to mitigate a cyberattack. You can click here to read the full blog post, but I would like to highlight one method from the article that can be used by everyone.

If possible, you should enable multi-factor authentication or two-factor authentication (2FA). This means that you will be required to provide a second means of confirming your identity on top of your username and password. It’s recommended that you use a number matching authenticator like Microsoft Authenticator or Google Authenticator. Please, avoid using weak authentication means like SMS and email as these can be easily intercepted by SIM-jacking and compromised email accounts respectively.

Microsoft said it will continue to track the activities, tactics, malware, and tools of Lapsus$ via its Microsoft Threat Intelligence Center (MSTIC). If there are any updates, it will share additional insights and recommendations.

[ SOURCE , VIA , IMAGE SOURCE ]

Recent Posts

Malaysia Airlines’ new A330neo grounded temporarily due to production issues

Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…

13 hours ago

Proton e.MAS 7: Here’s how much it cost to maintain this EV

Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…

2 days ago

Proton e.MAS 7: How much does it cost to replace the tyres?

The Proton e.MAS 7 is one of the most value for money SUVs at the…

2 days ago

Samsung to launch its new AI-powered home appliances with improved ecosystem integration at CES 2025

Samsung has announced that it will be holding its press conference titled "AI for All:…

2 days ago

SoyaCincau Awards 2024: The Best Phones of the Year

Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…

3 days ago

CelcomDigi offers 5G Home WiFi at RM69/month for Postpaid customers

If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…

3 days ago

This website uses cookies.