Microsoft has found itself in an embarrassing position once again with reports that a massive trove of Windows 10 source code has been leaked online this week. Some system builds related to Microsoft’s USB, storage and Wi-Fi drivers were posted to Beta Archive’s FTP site, and the Redmond giant has confirmed that the code, which is part of its Shared Source Kit, is authentic.
According to The Register’s initial report, the data uploaded to Beta Archive was 32TB in size. However, a counter-report by The Verge suggested that the leak was smaller and that much of the data had already been made available. The Register also updated its report with a statement provided by Beta Archive, saying that the source code has been removed. The site added that it was not pressured by Microsoft to remove the code. However, it’s unclear how many people have already downloaded the data.
According to a Beta Archive statement received by The Verge, the leaked source code was in fact only 1.2GB in size and was voluntarily removed by the site. In a statement to The Verge, a Microsoft spokesperson said the entire source code was not stolen: “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners.”
The Shared Source Kit is shared with Microsoft’s partners, enterprises and licensees through the Shared Source initiative.
Apart from this, Microsoft’s Windows 10 Mobile Adaptation Kit, Windows 10 Creators Update builds, and some ARM-based versions of Windows 10 were also reportedly included in the leak. Furthermore, the leak comes ahead of reports that two men in the UK were arrested over unauthorised access to Microsoft’s network. According to the report, the two men collected confidential Windows 10 builds, but it is unknown whether the two cases are linked.
While the leak is now deemed minor, it is still substantial in that the source code could reveal information about security vulnerabilities, which could be used to hack Windows systems around the world. This is something Microsoft would want to avoid after the recent WannaCry ransomware attacks.