
Microsoft employee leaks internal passwords due to security breach

Microsoft has resolved a security flaw that exposed internal company files and credentials to the open internet.

Security researchers Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı of SOCRadar, a cybersecurity company that helps organizations discover security vulnerabilities, discovered an open, public storage server hosted on the Microsoft Azure cloud service that stored internal information related to the Microsoft Bing search engine.

The Azure storage server contained code, scripts, and configuration files that held passwords, keys, and credentials used by Microsoft employees to access other internal databases and systems.

But the storage server itself was not password protected and could be accessed by anyone on the Internet.

Yoleri told TechCrunch that the exposed data could help malicious actors identify or access other locations where Microsoft stores its internal files. Identifying these storage locations “could lead to more severe data breaches and potentially compromise services in use,” Yoleri said.

Researchers notified Microsoft of the security flaw on February 6, and Microsoft secured the leaked files on March 5.

It’s unclear how long the cloud server was exposed to the internet, or whether anyone other than SOCRadar discovered the exposed data. Reached via email, a Microsoft spokesperson had no comment as of press time. Microsoft did not disclose whether any exposed internal credentials were reset or changed.

It’s the latest security misstep for Microsoft as the company tries to rebuild trust with customers after a series of cloud security incidents in recent years. In a similar security breach last year, researchers discovered that Microsoft employees exposed their company network login information in code posted to GitHub.

Microsoft also came under criticism last year after the company admitted it had no idea how China-backed hackers stole internal email signing keys that gave the hackers broad access to Microsoft-hosted inboxes of senior U.S. government officials. The independent committee of cyber experts investigating the email breach wrote in a report released last week that the hackers were successful because of “a series of security failures at Microsoft.”

In March, Microsoft said it continued to respond to an ongoing cyberattack that allowed Russian state-backed hackers to steal some of the company’s source code and internal emails of Microsoft executives.
