Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft, Okta Investigating Data Theft Claims

Microsoft has launched an investigation after a hacker group claimed to have stolen the source code of some of the tech giant’s products.

Microsoft has launched an investigation after a hacker group claimed to have stolen the source code of some of the tech giant’s products.

The cybercrime group named Lapsus$ made the claims. The same gang recently took credit for attacks on NVIDIA, Samsung, Vodafone, and Ubisoft, and in most cases the victims have confirmed suffering a data breach.

The hackers on Monday leaked 40 Gb of files allegedly belonging to Microsoft. They claim the files store source code for Bing, Bing Maps and the Cortana virtual assistant. The leaked files and folders are dated March 20, 2022.

“Bing maps is 90% complete dump. Bing and Cortana around 45%,” Lapsus$ wrote on its Telegram channel.

Microsoft source code leak

“We are aware of the claims and are investigating,” a Microsoft spokesperson told SecurityWeek via email.

Lapsus$ also claimed on Monday that it has targeted electronics giant LGE and identity and access management company Okta.

The hackers posted some screenshots apparently showing that they gained access to Okta customer accounts. They said they did not access or steal any database from Okta and instead targeted the company’s customers. Okta says it has hundreds of millions of users on its platform.

Okta hack claims

Bill Demirkapi, an offensive security expert who works at Zoom, has analyzed the screenshots, which appear to show the ability to reset employee passwords, unauthorized access to a company VPN, and superuser access to what appears to be an admin panel. One of the images displays the date January 21, 2022.

Indeed, in a statement to media, Okta confirmed detecting a cybersecurity incident in January, and the company believes the screenshots are related to that event.

“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.” Okta said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,”

In the case of LGE, the hackers leaked a file containing more than 80,000 usernames and password hashes allegedly associated with employee and service accounts.

SecurityWeek has reached out to LGE for comment and will update this article if the company responds.

Related: Microsoft Confirms ‘NotLegit’ Azure Flaw Exposed Source Code Repositories

Related: Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021

Related: Windows 10 Source Code Leaked Online

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack