Microsoft may be the latest addition to a list of victims targeted by Lapsus$, a data extortion group, which reportedly has been behind security breaches at Nvidia, Samsung, Vodafone and other major tech companies.
Over the weekend, Lapsus$ posted a screenshot (now deleted) to what believed to be their Telegram channel of information allegedly stolen from a hacked Microsoft's Azure DevOps server. Specific images shown in the screenshot included “Bing_UX,” “Bing-Source,” and “Cortana,” suggesting source code for Microsoft’s virtual assistant and search engine were accessed.
On March 22, the group posted a link to their Telegram channel to a torrent file allegedly containing “Bing, Bing Maps and Cortana source code.”
“Bing maps is 90% complete dump. Bing and Cortana around 45%,” the group wrote.
Microsoft has not confirmed if their Azure account was breached, but said it is aware of claims and is investigating them.