Microsoft is investigating reports that "say" that some people have gained access to internal source code repositories and stolen data.
The alleged hack is linked to the Lapsus$ hacking group, which has pulled off several major hits Companies: Nvidia, Samsung and Vodafone.
Evidence of the invasion emerged Sunday night when Tom Malka posted pictures on Twitter showing a conversation on Telegram with an image of Microsoft's source code repositories.
The screenshot shows that hackers downloaded source codes from Cortana and several Bing services. The post has been deleted in the meantime. So Microsoft told Bleeping Computer that it was investigating the reports.
Unlike most hacking groups, which install ransomware on the attacking systems, Lapsus $ tries to ransom downloaded data from the companies it attacked.
The main services from which Lapsus $ may have downloaded the source code appear to be Bing, Bing Maps and Cortana.
Source codes can contain valuable information. The code can be analyzed to find security vulnerabilities by hackers. There is also the possibility that source code may contain valuable information such as code signing certificates, access tokens or API keys. Microsoft has of course introduced a policy for devs that prohibits the inclusion of such elements in its source code
At the moment we do not know much about the hack. Did Lapsus $ manage to break Microsoft's defenses? Did the team manage to download data and, if so, what data was downloaded and how complete is it? Bing, Bing Maps and Cortana are not Microsoft's most important services.
But judging from the record of Lapsus$, it is possible that the reported hack did happen. The question is whether the downloaded files are so valuable that they will collect a ransom from Microsoft not to publish them on the Internet.
