Microsoft confirms Lapsus$ breach, denies danger of source code leaks

Surface Laptop 4 Amd 2021 Keyboard Lights
Surface Laptop 4 Amd 2021 Keyboard Lights (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • On Monday, March 21, the same group that went after NVIDIA and Samsung (among others) released source code for Microsoft's Bing and Cortana.
  • In a blog post, Microsoft confirmed that legitimate files had indeed been stolen, though the company denied the idea that said files going public created any sort of advanced security risk.
  • The company claims "no customer code or data was involved" in the activities it saw.

Cybercriminal group Lapsus$ has made quite a name for itself in a short amount of time, staging attacks against NVIDIA, Samsung, and others wherein it secures sensitive data then threatens to go public with it. And, just as it teased it would do to Microsoft, it has.

On Monday, March 21, 2022, following a brief hint that it had Microsoft goods to share, it dumped 37GB worth of files onto the web, including 90% of Bing's source code and 45% of Cortana's. Experts were confident the files were authentic Microsoft property, and now the company itself has confirmed their theories. However, the Windows 11 maker claimed it only observed a single compromised account with limited access, and that source code leaks don't mean much in the way of security in this instance.

Furthermore, Microsoft made sure to note that "no customer code or data was involved" and claimed that Lapsus$'s public data dump backfired by alerting Microsoft to the threat, allowing them to cut short the cybercriminal operation.

When it comes to Microsoft's security recommendations for combatting Lapsus$, it touted multifactor authentication (MFA), even though it admitted Lapsus$ works to sniff out gaps and weaknesses in MFA. It also recommended giving employees a refresher on social engineering strategies and and reminded orgs to be aware that the group likes to monitor "incident response communications," meaning channels with those comms need to be secure.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to