Microsoft has launched an investigation after a hacker group claimed to have stolen the source code of some of the tech giant’s products.
The cybercrime group named Lapsus$ made the claims. The same gang recently took credit for attacks on NVIDIA, Samsung, Vodafone, and Ubisoft, and in most cases the victims have confirmed suffering a data breach.
The hackers on Monday leaked 40 Gb of files allegedly belonging to Microsoft. They claim the files store source code for Bing, Bing Maps and the Cortana virtual assistant. The leaked files and folders are dated March 20, 2022.
“Bing maps is 90% complete dump. Bing and Cortana around 45%,” Lapsus$ wrote on its Telegram channel.
“We are aware of the claims and are investigating,” a Microsoft spokesperson told SecurityWeek via email.
Lapsus$ also claimed on Monday that it has targeted electronics giant LGE and identity and access management company Okta.
The hackers posted some screenshots apparently showing that they gained access to Okta customer accounts. They said they did not access or steal any database from Okta and instead targeted the company’s customers. Okta says it has hundreds of millions of users on its platform.
Bill Demirkapi, an offensive security expert who works at Zoom, has analyzed the screenshots, which appear to show the ability to reset employee passwords, unauthorized access to a company VPN, and superuser access to what appears to be an admin panel. One of the images displays the date January 21, 2022.
Indeed, in a statement to media, Okta confirmed detecting a cybersecurity incident in January, and the company believes the screenshots are related to that event.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.” Okta said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,”
In the case of LGE, the hackers leaked a file containing more than 80,000 usernames and password hashes allegedly associated with employee and service accounts.
SecurityWeek has reached out to LGE for comment and will update this article if the company responds.
Related: Microsoft Confirms ‘NotLegit’ Azure Flaw Exposed Source Code Repositories
Related: Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021
Related: Windows 10 Source Code Leaked Online

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
