Complete Story


The Tricky Aftermath of Source Code Leaks

They aren't the worst-case scenario of a criminal data breach

The Lapsus$ Digital extortion group is the latest to mount a high-profile data-stealing rampage against major tech companies. And among other things, the group is known for grabbing and leaking source code at every opportunity, including from Samsung, Qualcomm and Nvidia. At the end of March, alongside revelations that they had breached an Okta subprocessor, the hackers also dropped a trove of data containing portions of the source code for Microsoft's Bing, Bing Maps and its Cortana virtual assistant. Sounds bad, right?

Businesses, governments and other institutions have been plagued by ransomware attacks, business email compromise, and an array other breaches in recent years. Researchers say, though, that while source code leaks may seem catastrophic, and certainly aren't good, they typically aren't the worst-case scenario of a criminal data breach.

"Some source code does represent trade secrets, some parts of source code may make it easier for people to abuse systems, but accounts and user data are typically the biggest things companies have to protect," said Shane Huntley, director of Google's Threat Analysis Group. "For a vulnerability hunter, it makes certain things easier, allowing them to skip a lot of steps. But it's not magic. Just because someone can see the source code doesn't mean they'll be able to exploit it right then."

Please select this link to read the complete article from WIRED.

Printer-Friendly Version