Microsoft confirms it was hacked, says stolen Bing and Cortana source code relatively unimportant

Over the weekend, a cyber extortion gang called Lapsus$ claimed to have stolen source codes for Bing and Cortana from Microsoft’s Azure DevOps server. The gang posted a screenshot of the compromised account on its Telegram channel along with a torrent link to download the 37GB source code archive. They claim the file contains 90% of the codes for Bing Maps and 45% for Bing – presumable the search engine – and Cortana, Microsoft’s digital voice assistant.

Microsoft did not immediately confirm that Lapsus$ gained access into internal servers as they were in the midst of an investigation. But today, it officially confirmed that Lapsus$ did compromise its systems. Referring to the gang as DEV-0537, Microsoft said they had gained access to a single employee’s account which granted limited access. What Microsoft defines as limited access wasn’t detailed, but it assures that no customer code or data was stolen during the incident.

According to the software giant, “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.’

As for the source codes that have been exposed to the public, Microsoft says that “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Essential, what this means is the stolen source codes were not confidential nor proprietary, so it poses no harm to the company’s operations.

Leaked codes. Image source: BleepingComputer

Whether there were any demands made was not disclosed by Microsoft, but judging by the insignificance of the source code, I assume that the gang did not make any or Microsoft might have ignored any demands made.

Something else that Microsoft did not disclose is how exactly Lapsus$ compromised the employee’s account. It only provided the public and other corporations a general outline on how to mitigate a cyberattack. You can click here to read the full blog post, but I would like to highlight one method from the article that can be used by everyone.

If possible, you should enable multi-factor authentication or two-factor authentication (2FA). This means that you will be required to provide a second means of confirming your identity on top of your username and password. It’s recommended that you use a number matching authenticator like Microsoft Authenticator or Google Authenticator. Please, avoid using weak authentication means like SMS and email as these can be easily intercepted by SIM-jacking and compromised email accounts respectively.

Microsoft said it will continue to track the activities, tactics, malware, and tools of Lapsus$ via its Microsoft Threat Intelligence Center (MSTIC). If there are any updates, it will share additional insights and recommendations.

[ SOURCE , VIA , IMAGE SOURCE ]

Recent Posts

Dongfeng Box Malaysia: 94hp compact EV with up to 310km of range, priced from RM101k

Dongfeng Box is now officially available in Malaysia. Launched in partnership with Central Auto Distributors…

1 hour ago

Nissan Kicks e-Power now open for booking in Malaysia, priced below RM130,000

Edaran Tan Chong Motor (ETCM) has announced that the Nissan Kicks e-Power is now open…

5 hours ago

TikTok, Content Forum and UiTM empowers students with Digital Literacy to promote a safer digital space

TikTok in partnership with Communications and Multimedia Content Forum of Malaysia (CMCF) have recently organised…

8 hours ago

Tesla owners in Malaysia can finally use the Autopark feature

Tesla owners in Malaysia have reported that their vehicles can now perform the Autopark feature.…

8 hours ago

Asus ROG Phone 9 series launching in Malaysia on 10th December 2024

After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…

8 hours ago

WhatsApp Voice Message Transcripts converts voice into text

WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…

15 hours ago

This website uses cookies.