Data and source code theft at Microsoft

© iStock.

Earlier this month, we wrote about the hacker group Lapsus$, which claimed responsibility for a big data heist at Samsung. The same group recently said it lifted almost 37GB of data from Microsoft, including some of the source code for the Bing and Cortana services. Microsoft confirmed the break-in and explained that stolen credentials made the theft possible. The company also specifies that no customer data was compromised during this incident.

The Lapsus$ hacker gang has caused a stir these past three months. It says it has accessed Nvidia, Samsung, Ubisoft, Vodafone, Okta, and now Microsoft data, among others. It was thought to operate out of Brazil after it claimed responsibility for the hack on the country’s health ministry and on Portuguese media (the SIC Notícias TV station and the Expresso newspaper). But according to Bloomberg, the mastermind might in fact be a teenager near Oxford in the UK. These hackers’ MO seemingly rely on social hacks such as phishing rather than on technical hacks, emphasizing how important it is to pay attention to human fallibility. These teenage gangs cause heavy damage among tech heavy hitters that you’d expect to be fully protected. If you’re interested, read on for the interview with Garett Spencley-Sales about integrating security in the software development cycle.

⇨ The Verge, Mitchell Clark, Richard Lawler, Jay Peters, “Microsoft confirms Lapsus$ hackers stole source code via ‘limited’ access.”

⇨ The Verge, Jay Peters, “A teen is reportedly the mastermind behind the Lapsus$ hacking group.”

⇨ Krebs On Security, Brian Krebs, “A closer look at the LAPSUS$ data extortion group.”

2022-03-23