2022/09/12 16:29:30

Data breaches at Microsoft


2022: Hackers have released 37 GB of Microsoft software source code to the public

In March 2022, the hacker group Lapsus$ publicly released 37 GB of Microsoft software source code. Hundreds of company projects were compromised, including the Bing search engine and Cortana, a virtual voice assistant with elements of artificial intelligence.

On March 21, 2022, the hacker group Lapsus$ posted a 9 GB zip archive to a torrent, where it was available for download. According to AppleInsider, the archive contains more than 250 internal Microsoft projects. The data was obtained from a Microsoft Azure DevOps server, according to a screenshot published by the hacker group on its Telegram channel (see below). The source code covered a number of large projects, including code related to the Bing search engine, the Bing Maps mapping service, etc.

Security researchers told AppleInsider that the uncompressed 37 GB archive includes legitimate Microsoft source code. Some of the projects also included emails and documentation intended for Microsoft engineers. However, the code does not relate to locally installed computer software such as Windows or Microsoft Office; it mainly consists of infrastructure, website, and mobile application code.

Microsoft management said the company is aware of the Lapsus$ claims and is actively investigating the alleged breach and data leak. Since the attacks are mainly directed at source code repositories, one theory is that the hackers gain access through an internal source. However, AppleInsider emphasizes that the cybercriminals did not put forward any demands to Microsoft; moreover, the corporation did not even know about the leak of corporate information.[1]

2020

Hackers stole emails from customers of Microsoft cloud services

Hackers stole emails from customers of Microsoft cloud services. This became known on December 25, 2020.

Microsoft itself said it had not identified any vulnerabilities or traces of hacking of the provided products or cloud service.

Allegedly, Russian hackers hacked into the computer systems of a Microsoft corporate partner and stole emails from users of Microsoft cloud services, as well as correspondence from one of the private companies.

"Our investigation of these attacks has recently identified incidents involving the misuse of accounts to gain access. We have not yet identified any vulnerabilities or compromises on Microsoft products or cloud services," explained Jeff Jones, Senior Communications Director.

Earlier, Microsoft discovered malicious software in its networks, thereby joining the list of companies affected by the hack of the Texas software manufacturer SolarWinds. Microsoft notified "more than 40 customers" of the breach, the data of some of which had been compromised by a third party. In particular, attackers hacked a reseller, stealing credentials that can be used to gain access to Azure accounts. Once inside the account of a particular client, the attackers had the opportunity to read and steal emails, as well as other information.

Microsoft is a user of the SolarWinds Orion IT resource management platform, into which hackers injected malware. The company also has products that attackers could use to further attack its customers. On December 17, 2020, the US National Security Agency even published a security notice describing how certain Microsoft Azure cloud services could have been compromised by cybercriminals and directing users to further lock down their systems.

According to Microsoft representatives, the company notified private sector customers about this problem and also informed the US government, but sources of the publication said that the government was not notified.

In addition, specialists from the American information security company CrowdStrike said that the hackers who attacked government and private organizations in the United States unsuccessfully tried to gain access to its mail. As the experts noted, on December 15, 2020, Microsoft representatives notified the company of attempts, allegedly made "several months ago", to gain access to its systems using one of the accounts on the Microsoft cloud platform.[2]

Data from millions of Microsoft customers in the public domain

On January 22, 2020, it became known that the data of millions of Microsoft customers were in the public domain. This was due to incorrect configuration of the Elasticsearch database: its parameters were set in such a way that anyone could view all the information from the catalog.

The problem was reported by Bob Dyachenko, an information security specialist from Security Discovery. According to him, due to an error in the database settings, about 250 million records with Microsoft client data appeared in the public domain. In particular, email addresses, IP addresses and information about the technical support provided to users were visible.


It is noted that the database contained data for 14 years. Access was opened on December 5, 2019, and Microsoft closed it on the 31st.

Comparitech lawyer (specializing in confidential data protection) Paul Bischoff says that the danger posed by this leak should not be underestimated. If the data got to the attackers, then cases of fraud are quite possible: customers can be called under various pretexts on behalf of Microsoft technical support employees, he said.

Microsoft acknowledged the data breach and noted that the company has tools to prevent such incidents, but they were not specifically applied to this database.

As we understood, it would be good to periodically review the settings to make sure that all available protections are used, the corporation said.

According to Greg Wendt, executive director of Appsian (which specializes in data protection technologies), what happened shows how difficult it is even for large companies to understand exactly where their data is stored and who can access it. Even after discovering the vulnerability, Microsoft cannot determine for sure whether attackers used this data or not, he added.[3]

Notes