
Microsoft determined that the hackers accessed all this data to find “secrets in code,” a practice that Microsoft’s development policy prohibited. As a “just in case” move, however, the security team verified “current and historical branches of the repositories” to make sure they did not contain any credentials or anything else of importance.
Overall, Microsoft has taken this as a healthy learning experience and is reinforcing policies to help prevent issues like this in the future. At the forefront of its security approach is a “zero trust” and “assumed breach” model, which keeps data segmented and keeps people on their toes by assuming that a bad actor is already inside the system, even though one may not be. Ultimately, individuals and companies alike need to follow procedures similar to Microsoft’s, lest they learn these lessons the hard way.