and identity authentication company Okta are both investigating potential attacks that may have been carried out by the South American hacking group Lapsus$. The collective claims to have stolen source code for , and internal Microsoft projects from a server.
Lapsus$ released a torrent on Monday that's said to contain 37GB of source code for around 250 projects, according to . The group claims the data includes 90 percent of Bing's source code and 45 percent of Cortana and Bing Maps code. Other affected projects seem to include websites, mobile apps and web-based infrastructure.
The leaks reportedly contain internal emails and documentation related to published mobile apps. The torrent is not believed to include code for desktop software such as Windows or Microsoft Office. Engadget has contacted Microsoft for comment.
The same group has also targeted Okta, though the company says it has not yet found evidence of a new breach following an incident in January.
"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors," an Okta spokesperson told Engadget. "The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."
Lapsus$ posted screenshots of what it claimed was Okta’s internal systems. As reports, the hackers claimed not to have accessed or obtained data on Okta itself and were focused on the company's customers, which Cloudflare, Grubhub, Peloton, Sonos, T-Mobile and Engadget parent Yahoo.