When Microsoft employees exposed passwords in major security lapse
The storage server was not protected with a password and could be accessed by anyone on the internet, security researchers said.
Microsoft resolved a security lapse that exposed internal company files and credentials to the open internet, security researchers said. Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar found an open and public storage server which is hosted on Microsoft’s Azure cloud service. It was storing internal information relating to Microsoft’s Bing search engine which included code, scripts and configuration files containing passwords used by the Microsoft employees for accessing internal systems.
What we know about the storage server?
Read more: Boeing engineer's startling claim: 'Dreamliner 787 has structural flaws, could break apart mid-flight'
The storage server was not protected with a password and could be accessed by anyone on the internet, Can Yoleri told TechCrunch adding that the data may help malicious actors identify or access other places where Microsoft stores its internal files which “could result in more significant data leaks and possibly compromise the services in use.”
What Microsoft did after the security breach?
Read more: Bharti Hexacom IPO listing today: Here's what latest GMP indicates
The researchers informed Microsoft of the security lapse on February 6 and the company secured the files on March 5, they said.
Microsoft’s security incidents in the past
Read more: Cathie Wood's Ark Investment Management announces stake in Microsoft-backed OpenAI
This comes as the company has gone through a series of cloud security incidents in recent years. Last year, researchers found Microsoft employees were exposing their own corporate network logins in code published to GitHub. The company had also, in a different incident, admitted that it did not know how China-backed hackers stole an internal email signing key which allowed them broad access to Microsoft-hosted inboxes of senior US government officials.
