In a recent Microsoft Security blog, Microsoft admitted the threat group DEV-0537, also known as LAPSUS$ managed to gain access to Microsoft and exfiltrated portions of source code.
Previously we covered how Nvidia confirmed that they were hacked by the same group.
READ MORE: Nvidia Confirmed It Was Hacked
The post detailed their analysis of the threat and how the threat group functioned.
It said that based on their observation no customer code or data was involved. However, a single account was found to be compromised and was quickly remedied by the cyber security response team.
It also said that the compromised source code would “not lead to elevation of risk”.
What You Can Do
Microsoft Security also detailed some security best practices in its post and although it is meant for enterprise users, there are some tips that we could learn as the average consumer as well.
First, use multifactor authentication (MFA) wherever it is available. Don’t just rely on passwords alone.
Even if you are using MFA, avoid weak ones such as text messages, simple push without text messaging, and secondary email addresses. Although they are common they are susceptible to attacks.
Stick to authenticators and FIDO(Fast IDentity Online) tokens instead.
Second, use a trusted password manager. While it is convenient, the feature that makes password managers so highly recommended is its ability to generate and remember complex and hard to guess passwords.
You can read the full Microsoft Security Post here.