Microsoft confirms it was hacked by LAPSUS$

After a number of reports of dumping files by the hacking group LAPSUS$, Microsoft has confirmed that it has been hacked. The U.S. based software giant has confirmed that it has been compromised through a single account. The company confirmed about the hack in a security blog post that was published late on March 22, 2022.

Microsoft in its blog post explained that the hackers had earlier in the week made a few public claims that they were able to gain access to Microsoft along with exfiltrated portions of source code.
But it added that no customer code or data was involved in the activities. The security blog post also said that their investigation found a single account compromised with limited access. Microsoft assured that their team of cyber security were quick to react and fix the compromised account and prevent any further activity.

Although the hack was of limited nature, but any kind of hack is certainly not a good news for an organization as big as Microsoft. Thankfully there was no impact on the customers. After the hack reports, Microsoft has recommended users to make use of multifactor authentication at all locations and is also encouraging to use strong passwords or passwordless authentication and adding VPN as an extra protection. LAPSUS$, which is a cybercriminal group, had claimed to have breached the software giant. It had started to dump files that were allegedly taken from the hack. It was on March 21, 2022 when the cybercriminal group had started to circulate 10 GB of compressed archive that had internal data from the Bing search engine of Microsoft.

It also had the source code to the voice assistant software Cortana. The group in a public chatroom said that Bing Map is 90 percent complete dump while Bing and Cortana at 45 percent. Reports said that the archive expanded to 37 GB after it was uncompressed. And contained the source code to more than 250 projects that belonged to Microsoft.

Photo Credits: Pixabay