Microsoft confirms it was hacked, says stolen Bing and Cortana source code relatively unimportant

Over the weekend, a cyber extortion gang called Lapsus$ claimed to have stolen source codes for Bing and Cortana from Microsoft’s Azure DevOps server. The gang posted a screenshot of the compromised account on its Telegram channel along with a torrent link to download the 37GB source code archive. They claim the file contains 90% of the codes for Bing Maps and 45% for Bing – presumable the search engine – and Cortana, Microsoft’s digital voice assistant.

Microsoft did not immediately confirm that Lapsus$ gained access into internal servers as they were in the midst of an investigation. But today, it officially confirmed that Lapsus$ did compromise its systems. Referring to the gang as DEV-0537, Microsoft said they had gained access to a single employee’s account which granted limited access. What Microsoft defines as limited access wasn’t detailed, but it assures that no customer code or data was stolen during the incident.

According to the software giant, “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.’

As for the source codes that have been exposed to the public, Microsoft says that “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Essential, what this means is the stolen source codes were not confidential nor proprietary, so it poses no harm to the company’s operations.

Leaked codes. Image source: BleepingComputer

Whether there were any demands made was not disclosed by Microsoft, but judging by the insignificance of the source code, I assume that the gang did not make any or Microsoft might have ignored any demands made.

Something else that Microsoft did not disclose is how exactly Lapsus$ compromised the employee’s account. It only provided the public and other corporations a general outline on how to mitigate a cyberattack. You can click here to read the full blog post, but I would like to highlight one method from the article that can be used by everyone.

If possible, you should enable multi-factor authentication or two-factor authentication (2FA). This means that you will be required to provide a second means of confirming your identity on top of your username and password. It’s recommended that you use a number matching authenticator like Microsoft Authenticator or Google Authenticator. Please, avoid using weak authentication means like SMS and email as these can be easily intercepted by SIM-jacking and compromised email accounts respectively.

Microsoft said it will continue to track the activities, tactics, malware, and tools of Lapsus$ via its Microsoft Threat Intelligence Center (MSTIC). If there are any updates, it will share additional insights and recommendations.

[ SOURCE , VIA , IMAGE SOURCE ]

Recent Posts

Denza Z9 GT now in Malaysia for RM359k: Luxury sports EV with 600km of range

Denza Z9 GT is now officially in Malaysia after it was first demonstrated here over…

7 hours ago

Huawei MatePad Air 2026 with 144Hz PaperMatte OLED screen, six speakers previewed in Malaysia: Here’s what we know

Aside from launching the Huawei Pura 90s series, Huawei Malaysia also unveiled the MatePad Air…

11 hours ago

Gentari drops DC fast charging prices at select locations across Peninsular Malaysia

Gentari has announced a price cut for selected DC chargers across Peninsular Malaysia. EV owners…

13 hours ago

Gentari’s Ayer Hitam EV Charging Hub now upgraded with 7 DC Charge Points

Petronas Bandar Baru Ayer Hitam is one of the most popular EV charging hubs for…

21 hours ago

Proton Saga Cross AMA02 spotted undergoing testing at Federal Highway

We spotted a camouflaged car at Federal Highway earlier today that might be the new…

1 day ago

Huawei Pura 90s series arrives in Malaysia from RM3,699. Pro Max version gets a 200MP telephoto camera

Huawei has officially launched the Pura 90s series in Malaysia, its latest flagship camera phones…

2 days ago

This website uses cookies.