Microsoft now says suspected Russian hackers behind a massive campaign that impacted government agencies, local municipalities and companies were also able to view some of the company’s source code.
In a blog post Thursday, Microsoft says the unauthorized access “has not put at risk the security of our services or any customer data.”
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft stated. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
Source code is the basic building blocks of computer programs, like the instructions.
Last month, as news of the hacking campaign surfaced, Microsoft acknowledged using the IT management software SolarWinds Orion, which is how the attackers gained access to thousands of government, public, and private organizations.
Microsoft has said in earlier blog posts they were aware of clients they serviced who were compromised, Thursday’s update is the first time the company has confirmed the attackers compromised them.
Microsoft says they operate with a philosophy of making source code viewable, and do not rely on secrecy of this code for security. “So viewing source code isn’t tied to elevation of risk,” they stated.