Microsoft reported a breach by Russian group ‘Midnight Blizzard,’ which accessed internal systems and source code using stolen authentication secrets from a January cyberattack. The unauthorized access was facilitated by a compromised non-production test account lacking multi-factor authentication and linked to an OAuth app with elevated privileges. Microsoft is contacting affected customers and has ramped up security measures to counter the persistent threat.

  • Admiral Patrick@dubvee.org
    link
    fedilink
    English
    arrow-up
    46
    arrow-down
    1
    ·
    edit-2
    9 months ago

    Oh, no. Imagine all the havoc that could be wrought if the source code for an operating system was released onto the internet /s

    That’s why you should never rely on security through obscurity.

    – Sent from my Linux desktop

    • assembly@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      9 months ago

      I hope these hackers didn’t also get the source code to RockyLinux or I’m screwed man. If all you need is source code access, I won’t be safe after that. :-)

    • atzanteol
      link
      fedilink
      English
      arrow-up
      7
      ·
      9 months ago

      I don’t think that is the concern here.

      Microsoft is a huge cloud provider now.

    • rutellthesinful@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      9 months ago

      wouldn’t the counterpoint to that be all the vulnerabilities that have sat out in the open for years before finally being reported?

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      9 months ago

      Chances are it didn’t involve the OS source code. If you read the article, previously Microsoft reported about source code for service components like Exchange, Azure etc.