Microsoft confirms it was hacked after releasing 37GB of sensitive data

Microsoft was hacked by a gang of hackers. After stealing data from Nvidia and Samsung, the group of hackers managed to gain access to Microsoft’s servers. The attackers left with 37 GB of sensitive data, including source code from Bing or Cortana. The company, however, claims that no user was affected by the attack and that its teams managed to cut short the data extortion.

Update March 23, 2022

In a long blog post, Microsoft confirms that it was hacked by LAPSU$. At first, the Redmond firm seeks to reassure. She assures that “no customer code or data was involved in the observed activities” and that the hack is not large enough to cause harm to users. She also explains that only one account of the company was infiltrated, which allowed hackers to access confidential data. In addition, the publication of these documents allowed Microsoft to “to intervene and interrupt the actor in the middle of the operation, thus limiting a wider impact”. As explained in our article, LAPSU$ did not ask for a ransom, as it was able to do for Nvidia. Microsoft sees this as the action of a group “motivated by theft and destruction”.

Article from March 22, 2022

Microsoft has been the victim of a hack, report our colleagues from Bleeping Computer. By gaining access to an Azure server, the Lapsus$ hacker group claims to have gotten their hands on the source code of Bing, the voice assistant Cortana and other projects developed by the company’s teams.

In recent weeks, Lapsus$ has already taken on several tech giants. In early March, the group of hackers managed to penetrate Nvidia’s servers to steal confidential documents. In exchange for his silence, the gang demanded an end to all limitations that prevent mining cryptocurrencies with graphics cards. Soon after, the group stole 190 GB of data from Samsung servers.

Hackers allegedly received help from a Microsoft employee

During the Microsoft hack, Lapsus$ took over 37 GB of confidential data owned by Microsoft. This time, the group did not demand a ransom from the company. This Monday, March 21, 2022, Lapsus$ published all the data stolen during the attack on the web.

Shared on the gang’s Telegram conversion, the torrent file contains information about 250 Microsoft signed projects. According to the hackers, the file contains 100% source code for Bing and about 45% source code for Bing Maps (alternative to Google Maps) and Cortana. It also contains the code for Web infrastructures, Internet sites and mobile applications.

Experts, interviewed by Bleeping Computer, analyzed the leaked data to confirm its authenticity. Experts have also found internal emails exchanged between Microsoft employees in the file.

Read also: Microsoft offers a promotion to users who have pirated the Office suite

According to the researchers interviewed by the media, it is likely that Lapsus$ relied on the help of accomplices within the firm. Contacted by the media, Microsoft claims to be aware of Lapsus$’s assertions. The American giant claims to have opened an investigation to clarify the matter.

Source: Bleeping Computer

Leave a Comment