Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft, Okta Investigating Data Theft Claims

Microsoft has launched an investigation after a hacker group claimed to have stolen the source code of some of the tech giant’s products.

Microsoft has launched an investigation after a hacker group claimed to have stolen the source code of some of the tech giant’s products.

The cybercrime group named Lapsus$ made the claims. The same gang recently took credit for attacks on NVIDIA, Samsung, Vodafone, and Ubisoft, and in most cases the victims have confirmed suffering a data breach.

The hackers on Monday leaked 40 Gb of files allegedly belonging to Microsoft. They claim the files store source code for Bing, Bing Maps and the Cortana virtual assistant. The leaked files and folders are dated March 20, 2022.

“Bing maps is 90% complete dump. Bing and Cortana around 45%,” Lapsus$ wrote on its Telegram channel.

Microsoft source code leak

“We are aware of the claims and are investigating,” a Microsoft spokesperson told SecurityWeek via email.

Lapsus$ also claimed on Monday that it has targeted electronics giant LGE and identity and access management company Okta.

The hackers posted some screenshots apparently showing that they gained access to Okta customer accounts. They said they did not access or steal any database from Okta and instead targeted the company’s customers. Okta says it has hundreds of millions of users on its platform.

Okta hack claims

Bill Demirkapi, an offensive security expert who works at Zoom, has analyzed the screenshots, which appear to show the ability to reset employee passwords, unauthorized access to a company VPN, and superuser access to what appears to be an admin panel. One of the images displays the date January 21, 2022.

Indeed, in a statement to media, Okta confirmed detecting a cybersecurity incident in January, and the company believes the screenshots are related to that event.

“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.” Okta said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,”

In the case of LGE, the hackers leaked a file containing more than 80,000 usernames and password hashes allegedly associated with employee and service accounts.

SecurityWeek has reached out to LGE for comment and will update this article if the company responds.

Related: Microsoft Confirms ‘NotLegit’ Azure Flaw Exposed Source Code Repositories

Related: Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021

Related: Windows 10 Source Code Leaked Online

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...