Yesterday's report that Microsoft had been compromised by Lapsus$, the same hacker group that's been terrorizing tech organizations like Nvidia and Samsung, has been proven correct. Microsoft admitted to being hacked in a security blog post last night.
"Our investigation has found a single account had been compromised, granting limited access," wrote Microsoft. "Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity."
Related: Leaving Russia “Wasn’t An Option” For Some Apex Legends Teams
Hacker group Lapsus$ claimed to have stolen 37GB of data, including the source code of over 250 projects, 90 percent of the source code for Bing, and 45 percent of the source code for Cortana. They also claimed to have obtained emails and documentation from several of Microsoft's engineers.
Unlike with Nvidia, however, Microsoft seems to have caught Lapsus$ in the act and prevented the hacker collective from making off with even more data. ”Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion," Microsoft said, adding that "no customer code or data" was stolen.
Microsoft noted that Lapsus$, known internally at Microsoft as DEV-0537, has been on a rampage over the past several weeks. To combat Lapsus$ illegal activities, the bulk of the tech giant's blog update actually details how Lapsus$ operates, how it manages to get into so many organizations' systems, and what everyone can do to stop them.
Lapsus$ doesn't install ransomware like so many hackers do, but instead works on "a pure extortion and destruction model." They target companies all over the world ranging from tech to media to retail,
Read more on thegamer.com