Security News > 2021 > February > Microsoft: SolarWinds hackers downloaded Azure, Exchange source code
Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components.
After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.
Today, Microsoft has released the final update into their investigation and determined that the hackers could only access a few files for most repositories.
For some repositories, including ones for Azure, Intune, and Exchange, the attackers could download component source code.
For a small number of repositories, there was additional access, including in some cases, downloading component source code.
Microsoft states that they have a strict development policy that prohibits storing secrets in source code and use automated tools to verify this compliance.
News URL
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Nokia investigates breach after hacker claims to steal source code (source)
- Nokia says hackers leaked third-party app source code (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)