In the latest in a series of major breaches, a hacking group allegedly leaked 37 gigabytes of source code from Microsoft, code relating to hundreds of projects including Bing and Cortana.
The Lapsus$ hacking group made a torrent of a 9-gigabyte zip archive available for download on Monday night. The 7zip archive was reported to include over 250 internal Microsoft projects.
According to a Telegram channel snapshot shared by the group on Sunday and viewed by BleepingComputer, the data was purportedly acquired from Microsoft's Azure DevOps server. The source code in the projects included code from a variety of high-profile and internal initiatives, including Bing search, Bing Maps, and the Cortana virtual assistant.
According to security analysts, the uncompressed 37-gigabyte collection does appear to include real Microsoft source code. Emails and documentation intended for Microsoft engineers to publish apps were also discovered in several of the projects.
However, it appears that the code does not apply to locally-run desktop applications such as Windows or Microsoft Office, as it consists mostly of infrastructure, websites, and mobile app code.
Microsoft maintains it is aware of the group's accusations and is actively investigating the purported infiltration and leak.
The big data breach is the latest by Lapsus$, which has achieved reputation in a short period of time by collecting and disclosing vast quantities of data from major technology businesses. Among these events are the 190 terabytes of data exposed by Samsung in early March, as well as additional assaults on Mercado Libre, Nvidia, Ubisoft, and Vodafone.
With the majority of attacks targeting source code repositories, one explanation suggests that the hackers are obtaining access from an inside source. Previously, the organisation sought to recruit personnel from selected firms in order to essentially purchase access to corporate networks.