Though it was known that Lapsus$ was claiming to have Microsoft property, what wasn’t known was when the group was going to put some of it on the web as proof. However, on Monday night, that changed.
On the evening of March 21, the hacking group allegedly dumped 37GB of Microsoft’s source code onto the web in the form of a (compressed) 9GB 7zip archive (via BleepingComputer).
Lapsus$ claimed that the leaked files contain 90% of Bing’s source code as well as 45% of Bing Map’s and Cortana’s source code. Security researchers that have been in contact with BleepingComputer reported that the contents of the leak appear to be authentic Microsoft property, meaning this may very well be another successful stab from Lapsus$ after its previous attacks against the likes of Samsung, Ubisoft, and NVIDIA.
One of the researchers who commented on the matter hypothesized that the group’s ability to snatch data from such high-profile organizations stems from insiders. This would align with the group’s own comments about actively recruiting people on the inside who would have access to such materials.
Lapsus$ also claimed to have Okta access, which has large implications since Okta is an authentication platform with a substantial number of high-profile customers and businesses attached to it. If one were to infiltrate the platform, companies could hypothetically be compromised by extension.
To summarize, it’s an uncertain time for big companies that have managed to catch the attention of Lapsus$. For average PC users, though, the hacking group doesn’t seem to be a threat. Just make sure you have the best antivirus software and keep your head down on the web.