Source code for hundreds of Microsoft projects, including Bing and Cortana, was purportedly released by a hacker organisation in the latest in a series of massive breaches. The source code for Microsoft’s Bing, Bing Maps, and Cortana has been shared on a Telegram channel belonging to a threat actor that has previously stolen and published data from Nvidia and Samsung.

There is a threat actor known as Lapsus$, who is thought to be based in South America, who submitted the allegation to Telegram at 6:17pm PST yesterday (Monday).
An archive containing a 9-gigabyte zip file was made available for download on Monday night through a torrent posted by the Lapsus$ hacker organisation. The 7zip bundle was said to include more than 250 Microsoft-owned internal projects.
A snapshot of a Telegram channel posted by the group on Sunday and viewed by BleepingComputer indicated the source of the data, which was purportedly taken from Microsoft’s Azure DevOps server. Microsoft’s own high-profile and internal projects were all represented in the projects, including code for the Cortana personal assistant and other components of Bing search and Bing maps.
According to the article, the 37-gigabyte collection does seem to include real Microsoft source code, according to the story’s sources. Some of the projects also contained emails and documentation for Microsoft developers who were responsible for distributing software.
Windows and Microsoft Office, on the other hand, seem not to be affected by the code, which is mostly infrastructure, websites, and mobile app code.
Microsoft has confirmed that it is aware of the group’s accusations and is now examining the alleged breach and leak.
Lapsus$, which has earned prominence in a short period of time by obtaining and releasing significant quantities of data from prominent tech firms, is behind the next massive data breach. In early March, 190 terabytes of data were released from Samsung, and more assaults on Mercado Libre, Nvidia, Ubisoft, and Vodafone followed shortly afterwards.
One idea is that hackers are acquiring access to source code storage from an inside source. Attempts have been made in the past to attract personnel in order to get access to corporate networks by paying for it.
The threat actor has stolen data from a number of manufacturers, including Nvidia and Samsung Electronics, during the previous month. “We are aware that the threat actor obtained employee credentials and certain Nvidia sensitive material from our systems and has started releasing it online,” Nvidia said in a statement on March 1.
Source code for DLSS, an AI rendering technology, was apparently among the stolen Nvidia files.
A lack of previous money demands has led some experts to believe that Lapsus$’ motivations are unclear.