Microsoft specialists have launched an investigation into allegations that the hacker group Lapsus$ hacked the internal repositories of the Azure DevOps source code and stole data.
Lapsus$ participants published a screenshot of the supposed internal repositories of the source code in the Telegram messenger. The screenshot refers to the Azure DevOps repository containing the source code for Cortana and various Bing projects named “Bing_STC-SV”, “Bing_Test_Agile” and “Bing_UX”. The screenshot also shows other source code repositories, but it is not known what they contain.
Microsoft has not yet confirmed that their Azure DevOps account has been hacked. Although the source code leak makes it easier to find vulnerabilities in the company’s software, Microsoft assured that the incident does not create an increased risk of cyber attacks.
“We at Microsoft have an internal approach-using open source software development best practices and an open source-like culture-to make the source code viewable at Microsoft. This means that we don’t rely on source code secrecy for product security, and our threat models assume that attackers know the source code,” Microsoft explained in a blog post.