Microsoft scrambles after leaking internal files, passwords on unsecured server
Microsoft has addressed a significant security oversight that left the company's internal files and credentials vulnerable to public access. The breach was identified by Can Yoleri, Murat Ozfidan, and Egemen Kochisarli, security researchers from SOCRadar. The cybersecurity firm specializes in identifying security vulnerabilities for organizations. The team discovered an unsecured storage server on Microsoft's Azure cloud service containing internal data related to Microsoft's Bing search engine.
Files contained passwords, credentials used by Microsoft employees
The Azure storage server, which lacked password protection, housed code, configuration files, and scripts. These files contained keys, passwords, and credentials used by Microsoft employees to access other internal databases and systems. The server was accessible to anyone with internet access. Microsoft was alerted about the security oversight on February 6 and secured the exposed files by March 5.
History of security blunders
The latest incident adds to a series of security missteps at Microsoft. Last year, it was discovered that Microsoft employees were unknowingly exposing their corporate network logins within a code published to GitHub. Additionally, the company faced backlash after admitting it was unaware of how China-backed hackers managed to steal an internal email signing key that granted large-scale access to Microsoft-hosted inboxes belonging to high-ranking US government officials.