In a rather alarming lapse of security, it has been revealed that Microsoft employees left internal company files and credentials — including passwords — exposed to unauthorised access from the open internet. According to a report by TechCrunch, the security lapse, discovered by security researchers Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı from SOCRadar, involved an open and public storage server hosted on Microsoft’s Azure cloud service. Microsoft, as per the report, has resolved the issue now.
According to the security researchers, the server was hosting internal information related to Microsoft’s Bing search engine, including code, scripts, and configuration files containing passwords, keys, and credentials used by Microsoft employees to access other internal databases and systems.
According to the report, the researchers informed Microsoft about the problem in February this year and it took Microsoft almost a month to patch the security issue. However, it remains unclear how long the cloud server was left exposed or if any unauthorised parties accessed the data before it was secured.
Microsoft has not made any official comment regarding the incident, according to the report by TechCrunch.
This isn’t the first time, Microsoft has faced an internal/external security lapse. Last year, it came to light that Microsoft employees were unknowingly exposing corporate network logins in code published to GitHub. The company also faced scrutiny after admitting it was unaware of how China-backed hackers obtained an internal email signing key, allowing them broad access to Microsoft-hosted inboxes of senior US government officials.
An independent board of cyber experts investigating the email breach attributed the success of the hackers to a "cascade of security failures at Microsoft."
Earlier this year, Microsoft revealed ongoing efforts to counter a cyberattack by Russian state-backed hackers, which resulted in the theft of portions of the company’s source code and internal emails belonging to several executives.
Also read: Microsoft warns about Russia hacking into its systems
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
