According to chatter on Reddit and a report over on Cyber Kendra, Microsoft's DevOps accounts have been breached by the LAPSUS$ (Lapsus) group, the same group responsible for hacking Samsung and threatening to release propriatary code from Vodafone earlier this year.
The screenshot, which was released by Lapsus on Telegram and then quickly deleted, was saved by Cyber Kendra, the group claims to have access to several of Microsoft's DevOps resources. According to the report the post was deleted after a couple of minutes, with a message "Deleted for now will repost later".
The following DevOps resources can be seen:
- Bing_STC-SV: Project contains the source code for various Bing engineering projects in the Silicon Valley office
- Bing_Test_Agile: This is the test project for Bing using the Agile template.
- Bing_UX: Bing.com frontend (SNR) and other related UX codebase
- Bing Cubator
- Bing Source Code: The central project for storing all of Bing Source Code.
- Compliance_Engineering: WebXT Compliance Engineering team project.
- Cortana: The main Cortana project, its related code, and work items.
- Creative Authoring
It must be noted that only the top portion of the page in the image can be seen, so any number of resources could be breached. We'll update this post as more information becomes available.