The hacking group Lapsus$ has gained “limited access” to Microsoft’s data, according to the company. In a security blog post, Microsoft acknowledged the hacking incident. Microsoft said that the hacker group infiltrated “a single account,”. Microsoft, on the other hand, stated that no customer code or data was compromised as a result of the cyberattack.
Microsoft has responded following the statements of Lapsus$, which claimed to have hacked data from it. According to BleepingComputer, the hacker group has also leaked a 37-gigabyte file containing source code for more than 250 Microsoft products, including the search engine Bing, Bing Maps, and the voice-assistant software Cortana. Furthermore, it may contain sensitive data that poses a potential threat to employees’ data and software certificates.
Microsoft stated in its security blog post that its cybersecurity response teams had taken necessary steps to prevent further data breaches. Microsoft also disclosed some of the hacking group’s strategies in cyberattacks in the section of the blog titled “Actor actions against Microsoft,”
Although Microsoft stated that the cyberattack will have no impact on its customers, it did offer some recommendations on how to avoid data breaches. Microsoft adviced Multifactor authentication, strong passwords or passwordless authentication, and a VPN as an extra layer of authentication to its customers.
Lapsus$ claimed to have hacked Okta’s security earlier this week. Okta, located in the United States, manages authentication services for thousands of companies. The hacker gang admitted that it did not steal any company databases, instead targeted on its corporate customers. Checkpoint, an IT security firm, described Lapsus$’s ability to infiltrate corporate networks and applications using private keys gained through intrusion into Okta’s servers as “possibly disastrous.” Okta, on the other hand, has denied any such attacks, claiming that no evidence of “ongoing malicious activity” has been found.