Microsoft is investigating reports that "say" that some people have gained access to internal source code repositories and stolen data.
The alleged intrusion is linked to the hacking group Lapsus $, which has dealt many blows to large companies: Nvidia, Samsung and Vodafone.
Evidence of the invasion emerged Sunday night when Tom Malka posted pictures on Twitter showing a conversation on Telegram with a picture of Microsoft source code repositories.
The screenshot shows that hackers downloaded source codes from Cortana and several Bing services. The post has been deleted in the meantime. So Microsoft told Bleeping Computer that it was investigating the reports.
Unlike most hacking groups, which install ransomware on the attacking systems, Lapsus $ tries to ransom downloaded data from the companies it attacked.
The main services from which Lapsus $ may have downloaded the source code appear to be Bing, Bing Maps and Cortana.
Source codes can contain valuable information. The code can be analyzed to find security vulnerabilities by hackers. There is also the possibility that source code may contain valuable information such as code signing certificates, access tokens or API keys. Microsoft has of course introduced a policy for devs that prohibits the inclusion of such elements in its source code
At the moment we do not know much about the hack. Did Lapsus $ manage to break Microsoft's defenses? Did the team manage to download data and, if so, what data was downloaded and how complete is it? Bing, Bing Maps and Cortana are not Microsoft's most important services.
But judging by the history of Lapsus $, it is possible that the reported hack did happen. The question is whether the downloaded files are so valuable that they receive a ransom from Microsoft for not publishing them on the Internet.