What you need to know
- Hacking group Lapsus$ has been going after big-name companies ranging from NVIDIA to Ubisoft.
- It appears Microsoft is the latest target of the group's actions, with Lapsus$ allegedly leaking 37GB of Microsoft-owned source code.
- Those 37GB include a purported 90% of Bing's source code and 45% of Cortana's.
Though it was known that Lapsus$ was claiming to have Microsoft property, what wasn't known was when the group was going to put some of it on the web as proof. However, on Monday night, that changed.
On the evening of March 21, the hacking group allegedly dumped 37GB of Microsoft's source code onto the web in the form of a (compressed) 9GB 7zip archive (via BleepingComputer).
Lapsus$ claimed that the leaked files contain 90% of Bing's source code as well as 45% of Bing Map's and Cortana's source code. Security researchers that have been in contact with BleepingComputer reported that the contents of the leak appear to be authentic Microsoft property, meaning this may very well be another successful stab from Lapsus$ after its previous attacks against the likes of Samsung, Ubisoft, and NVIDIA.
One of the researchers who commented on the matter hypothesized that the group's ability to snatch data from such high-profile organizations stems from insiders. This would align with the group's own comments about actively recruiting people on the inside who would have access to such materials.
Lapsus$ also claimed to have Okta access, which has large implications since Okta is an authentication platform with a substantial number of high-profile customers and businesses attached to it. If one were to infiltrate the platform, companies could hypothetically be compromised by extension.
To summarize, it's an uncertain time for big companies that have managed to catch the attention of Lapsus$. For average PC users, though, the hacking group doesn't seem to be a threat. Just make sure you have the best antivirus software and keep your head down on the web.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to firstname.lastname@example.org.
Yikes! That's crazy! Imagine if they had gotten the Windows source code—that would be a big deal. I guess now with the Bing and Cortana source code out curious techies can have a look but I don't think it's enough for anyone to create derivatives from it (not that they could anyways since it's copyrighted).
I think they have lots of stuff even windows source code.. I think they just released things that's make less impact for Microsoft before they blackmail them for a $ before they sell everything they have unless they got paid. What scare me is that they did this with so many tec companies and no one can get them.
It is pretty crazy how much ground they've covered in such a short time when it comes to stirring the pot with tech companies.
So, if MS could be "surprised" by a hacking group getting into its Windows update services in Russia, so ransomware could be introduced to make donations to Ukraine . . . 🤔
Does this mean Cortana will get fixed?
Cortana is dead. There is nothing to fix.
No one cares. Windows 2000 source code was published many years ago. The world didn’t even notice. Do you actually think that anyone cares about Bing and Cortana? Both are totally irrelevant today. This is Much Ado About Nothing. Wake us up when they get iOS, Google and Netflix source code.
You, sir, are quite the moron.
Of course. How dare I state facts? 🙄
good. Make Cortana great again
Again? When was Cortana ever great?
Probably would have never happened if they never released Windows 11. Couldn't have happened to a better company.
Curious if the group on GitHub who are trying to hack the invoke and convert it to Alexa benefit from the Cortana source code?
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.