Microsoft Confirmed That Hackers Has Gained Access To Some Of It Company's Source Code

According to Bloomberg, on December 31, 2020, Microsoft confirmed the fact that hackers gained access to the company's internal network and server resources. During the hack, the attackers were able to view part of the source code of some Microsoft products.


A Microsoft spokesman explained to Bloomberg that the company had discovered unusual activity at the end of the year on several internal employee accounts. Verification showed that at least one account was used by hackers to view source code in several of the company's internal repositories.


Microsoft clarified that this account did not have permission to make changes to the source code. Also, this accounting did not give the right to manipulate the settings of the company's network and server systems. Microsoft's information security specialists additionally confirmed that during the attack the attackers could not make any changes to the company's internal resources and code.


A Microsoft spokesman declined to tell Bloomberg exactly which source code the hackers viewed, which code repositories were accessed, and how long the attackers had been on the network


Microsoft said its security philosophy, or "threat model," assumes product source code can be viewed, and the company's data protection is built with this factor in mind.


On December 18, 2020, it became known that Microsoft was hit in an attack, during which hackers gained access to the networks of the software manufacturer SolarWinds. The malware update incident affected the computer systems of several US government agencies as well as thousands of companies around the world.


Microsoft explained in a blog post that during the December attack, the hackers did not use the SolarWinds update to gain access to internal company employee accounts. Microsoft declined to disclose exactly how the attackers gained access to the internal network. The company said the attack did not compromise the security of its services, the hackers were unable to compromise customer data and did not use the company's resources to attack other businesses and institutions.

Previous Post Next Post