Microsoft's Azure DevOps server was compromised in an attack by the Lapsus$ hacking group.
The attackers leaked about a 9 GB zip archive containing the source code for Bing, Cortana, and other projects.
Some of the compromised data contain emails and documentation that were clearly used internally by Microsoft engineers.
TPRM report: https://scoringcyber.rankiteo.com/company/microsoft
"id": "mic04123322",
"linkid": "microsoft",
"type": "Breach",
"date": "03/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Technology',
'name': 'Microsoft',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['zip archive'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Source code',
'Emails',
'Documentation']},
'description': "Microsoft's Azure DevOps server was compromised in an attack "
'by the Lapsus$ hacking group. The attackers leaked about a 9 '
'GB zip archive containing the source code for Bing, Cortana, '
'and other projects. Some of the compromised data contain '
'emails and documentation that were clearly used internally by '
'Microsoft engineers.',
'impact': {'data_compromised': ['Source code for Bing',
'Source code for Cortana',
'Emails',
'Documentation'],
'systems_affected': ['Azure DevOps server']},
'threat_actor': 'Lapsus$ hacking group',
'title': 'Microsoft Azure DevOps Server Compromise',
'type': 'Data Breach'}