An illicit account associated with the widespread SolarWinds hack was used to view some of Microsoft's internal source code, the company
disclosed Thursday morning. Microsoft says its investigation found that the account was unable to modify any code or engineering systems. The company also reiterated that it has yet to find evidence that hackers accessed live services or customer data, or used Microsoft's systems to attack others.
Yet the disclosure illustrates that the implications of the incident are still unfolding, more than two weeks after the unprecedented cyberattack began to make headlines.
"This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we're learning as we combat what we believe is a very sophisticated nation-state actor," the company said in
its post on the Microsoft Security Response Center blog.
"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the post said. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated."