Last Friday, a bombshell report claimed that a massive leak of the Windows source code had taken place and was now available online. That leak — claimed to be 32TB — would represent an absolutely enormous amount of Windows code, dwarfing the Windows 2000 leak that occurred in 2004.
New details suggest that the leak may not represent the mammoth security breach initially implied.
The Register, which broke the story, claims that the code is from Microsoft’s Shared Source Kit and includes “the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.” The site goes on to note that this information can be scoured for security vulnerabilities, which could then be used to attack Windows from new vectors that weren’t previously known. That’s true, as far as it goes, and it’s one reason why security audits on source code are so important (and also extremely time-consuming and difficult).
But there’s been some pushback on just how large the leak is and what new data it contained. The owner of Beta Archive revealed that, rather than an 8TB upload that decompressed into 32TB, the source code upload was just 1.2GB, notes The Verge. The Shared Source Kit does contain private debug symbols and a great deal of information that Microsoft only shares with trusted partners. The leak also included the Windows 10 Mobile Adoption Kit, some Creators Update information (this would be data from builds that have already shipped), and some ARM-based information as well.
Microsoft has confirmed that the leak was genuine, but has not confirmed details on what was leaked or how much information was compromised. The Beta Archive site voluntarily removed the leaked material as soon as it realized what had been uploaded.
The bigger concern for Microsoft likely isn’t the data itself, but the fact that hackers penetrated its systems in the first place. Even if the 32TB quoted by The Register is incorrect, sensitive information normally shared only with trusted partners was briefly available to a much larger audience. Microsoft undoubtedly has questions about how that happened, and where the leaks came from.
Two men have been arrested in the UK for allegedly hacking into Microsoft’s servers. But it’s not clear if they’re accused of the data breach that led to this specific set of leaks. Microsoft has also remained mum on any new security measures it has taken or plans to take to prevent this from happening again.