Recently, there are rumors that a hacking group leaked Microsoft’s 37GB source code in connection with hundreds of projects, including Bing and Cortana, the latest in a series of major cybersecurity incidents. The Lapsus$ hacking group publicly released a 9GB compressed file on Monday night. These zip archives allegedly contain more than 250 internal projects obtained from Microsoft.
The data allegedly came from Microsoft’s Azure DevOps Server, and screenshots of the Telegram channel released by the organization on Sunday were seen by BlendingComputer. The source code in these projects covers a range of high-profile and internal projects, including code related to Bing Search, Bing Maps, and the Cortana voice assistant.
The collection of uncompressed 37 GIBytes includes Microsoft source code, and some projects also include email and document records designed for Microsoft engineers to release applications, security researchers said.
However, the code doesn’t seem to work with desktop software that runs locally like Windows or Microsoft Office, and it consists mostly of infrastructure, website, and mobile app code.
Microsoft said it understood the group’s claims and was actively investigating the alleged intrusions and spills.
This massive data breach is the latest incident for Lapsus$, an organization that “gained fame” in a short period of time by obtaining and leaking large amounts of data from large tech companies. Such incidents include 190GB of data leaked from Samsung in early March, as well as other attacks on Mercado Libre, NVIDIA, Ubisoft, and Vodafone.
Since the attack primarily obtained the source code, one theory is that the hackers obtained it through internal channels. The group has previously tried to recruit employees so they can effectively buy access to corporate networks.
