It was recently revealed that a South American-based hacking group known as Lapsus$ has broken into and stolen 37 GB of internal source code.  The hacking group posted on the anonymous communications platform Telegram a screenshot of Microsoft’s Azure DevOps account which showed that they had hacked on the company’s servers which contained the source code for Microsoft applications Bing, Cortana, and a number of other internal projects.

The hacking group has made the source code for over 250 Microsoft projects available online in a downloadable torrent file that anyone can access.  The content itself contains 90% of the source code for Bing and 45% of the source code for both Bing Maps and Cortana.

Security researchers who work with the website BleepingComputer stated that after further examination of the contents, they are confident that the leaked files are legitimate internal source code from Microsoft.

In addition to internal source code, the hacking group also revealed other internal communications and data such as emails, and documentation that was used internally by Microsoft engineers working on mobile apps.  These projects appear to be related to web-based infrastructure, websites and mobile apps.  So far it appears that the group did not steal or gain access to any source-code related to Microsoft’s desktop software such as Windows 11, Windows Server or Microsoft Office products.

Due to the high notoriety of the hack, it is expected that security groups and law enforcement agencies will start taking action to disrupt the groups activities before they strike again.  However the extensive damage has been done, showing that even large enterprise companies like Microsoft can be susceptible to security vulnerabilities and data breaches.

How Can You Mitigate the Risks Hackers Pose to Your Data

Hacking groups like those who broke into Microsoft and revealed their source code and internal data are not alone.  There is a never-ending war between security experts and hacking groups such as the Lapsus$ group.  You can mitigate the risks of losing your internal company data by following some basic rules.

Always ensure your computers are up to date, and protected with Anti-Virus software.  Hackers take advantage of security vulnerabilities that can be exploited to do things like elevating account privileges, which could allow hackers to create new accounts with even greater access to files.  By keeping your devices up to date, you can keep these security loopholes closed as much as possible.

Ensuring that your data is backed up using a versatile and robust backup system will help to ensure that if data is ever lost or stolen through a ransomware attack, you can easily recover the lost data after recovering the hacked systems.

Working with a Managed IT services company like Natural Networks is a great way to mitigate risks and security vulnerabilities as well.  Managed IT Services providers are able to monitor your workstations 24 hours a day, ensuring your systems are up to date, secured with robust anti-virus, and backed up.  If your interested in learning more about how a Managed IT Services company like Natural Networks can help keep your IT infrastructure secured, give us a call today!