microsoft news: Microsoft accepts cybercriminal group Lapsus$ hacked its data | #cybersecurity | #cyberattack


Microsoft has confirmed that the hacking group Lapsus$ had gained “limited access” to the US tech giant’s data. Microsoft accepted the event of hacking in a security blog post by the company. The American tech giant has stated that the hacking group infiltrated “a single account.” However, Microsoft assured that no customer code or data was compromised in this cyberattack.

Microsoft’s response has come following the claims of Lapsus$, which had said that it hacked data from the software giant. The cybercriminals group has even posted a file of 37 GB that, according to BleepingCoumputer, contains source code of more than 250 Microsoft projects, including search engine Bing, Bing Maps and the voice-assistant software Cortana. Besides, it may have sensitive information that can pose a cyber threat to employees’ data and software certificates.

In the security blog post, Microsoft stated that its cybersecurity response teams had taken adequate measures to prevent further data breaches. In the blog’s section titled “Actor actions targeting Microsoft,” the company has also explained some methods that the hacking group used in cyberattacks.

Although Microsoft clarified that the cyberattack wouldn’t affect its customers, it has recommended some methods to avoid data breaches. The company advised its customers to use multifactor authentication, strong passwords or passwordless authentication, and a VPN as an extra layer of authentication.

Earlier this week, Lapsus$ had also claimed to breach Okta’s security. Notably, US-based Okta manages authentication services for thousands of brands. The hacking group revealed that it did not steal any company databases but targetted its corporate customers. Calling it “potentially disastrous”, IT security firm Checkpoint stated that Lapsus$ could breach corporate networks and applications using private keys obtained from infiltration in Okta’s systems. However, Okta has denied any such cyberattack, saying that there was no evidence of “ongoing malicious activity.”

Disclaimer: This content is authored by an external agency. The views expressed here are that of the respective authors/ entities and do not represent the views of Economic Times (ET). ET does not guarantee, vouch for or endorse any of its contents nor is responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated and verified. ET hereby disclaims any and all warranties, express or implied, relating to the report and any content therein.



Original Source link

Leave a Reply

Your email address will not be published.

eleven − = eight