Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Microsoft responds to hack of Cortana and Bing source code

A hacking group has hit Microsoft, getting into Azure DevOps source code repositories and leaking source code for Cortana and several other Microsoft projects. It is the latest round of attacks by the group going by the name of “LAPSUS$,” which also successfully targeted Nvidia, Ubisoft, and other large technology giants.

The latest update from the group, coming on March 22, includes the sharing of a 9GB archive, which has source code for 250 Microsoft projects. Of those, the group claims to have 90% of the source code for Bing, and 45% of the source code for Bing Maps and Cortana. This is only some of the hacked data, with the full archive having 37GB of Microsoft source code.

Related Videos
Alexa says hello on a windows PC that's next to a smart speaker with Alexa.

The source code for Windows and Office are not included in the leak, according to Bleeping Computer, which believes the leaked files are genuine. The files instead are tied to mobile apps or websites and contain emails and other documents used internally by Microsoft engineers who worked on the projects.

Microsoft confirmed the hack in a blog post, which details the actions of the LAPSUS$ group that it tracks as DEV-0537. In the post, Microsoft said that the hackers had “limited access” to source code since a single account had been compromised. Microsoft went on to explain that no customer code or data was involved in the activities.

“Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” said Microsoft.

The company also mentioned that it does not rely on the secrecy of code as a security measure and that viewing the source code does not lead to elevation of risk. This is similar to what Microsoft explained during the Solarigate investigation, where a compromised account had been used to view source code, though it didn’t have permission to modify engineering systems.

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action, allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” explained Microsoft.

As dangerous as this sounds, the hacking group LAPSUS$, isn’t typical. The group is more interested in holding the source code ransom for tech giants in order to make a profit. That’s because source code repositories could also have API keys and code signing certificates. LAPSUS$ did this with Nvidia when it stole DLSS code and demanded that the GPU maker “completely open-source (and distribute under a FOSS license) [its] GPU drivers.”

Article updated on March 23 with Microsoft response to LAPSUS$ hack.

Editors' Recommendations

Check your inbox — Microsoft just sent out the first wave of ChatGPT Bing invites
Bing copilot AI chat interface.

Microsoft's revamped ChatGPT-powered Bing search engine is here, and the first wave of invites is already out. After previewing the new search engine last week, Microsoft set up a waitlist for the first wave of ChatGPT Bing testers. If you signed up, check your email to see if Microsoft has granted you access.

According to Microsoft, more than 1 million people signed up to get an early preview of the ChatGPT-powered Bing, and for good reason. When we tested the new search engine at Microsoft's headquarters, it proved itself extremely useful immediately (despite a few rough edges).

Read more
ChatGPT has taken Microsoft Bing from meme to mainstream with a packed waitlist
The new Bing preview screen appears on a Surface Laptop Studio.

There was a mad rush to sign up for Microsoft's new ChatGPT-powered Bing search, perhaps signaling a turnaround for the search engine that seemed forever destined to be in second place, given Google's overwhelming dominance. Over a million people requested early access to Bing's ChatGPT-powered search.

You might already know the reason for this sudden interest. The new Bing has AI superpowers that allow it to converse like a human while accessing a vast store of knowledge from the internet. In a few short months, we've all grown to understand how important that is, thanks to the game-changing AI goodness of Dall-E and ChatGPT, among others.

Read more
Microsoft’s emoji library goes open source
The design process of emoji.

Microsoft has announced it is making over 1,500 emojis in its library open source for developer and creator use as of Wednesday.

You can access the Microsoft emoji library on Figma and Github, with the brand noting that images can be saved as SVG, PNG, and JPG files "to allow for true versatility." However, Microsoft recommends you make a "vector, flat, and monochrome version," of each emoji designed for "scale and flexibility.

Read more