12.5 C
New York

When Microsoft employees exposed passwords in major security lapse

Published:

Apr 12, 2024 08:52 AM IST

The storage server was not protected with a password and could be accessed by anyone on the internet, security researchers said.

Microsoft resolved a security lapse that exposed internal company files and credentials to the open internet, security researchers said. Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar found an open and public storage server which is hosted on Microsoft’s Azure cloud service. It was storing internal information relating to Microsoft’s Bing search engine which included code, scripts and configuration files containing passwords used by the Microsoft employees for accessing internal systems.

Microsoft security lapse: A Microsoft logo is seen on an office building in New York City, US.
Microsoft security lapse: A Microsoft logo is seen on an office building in New York City, US.

What we know about the storage server?

Read more: Boeing engineer’s startling claim: ‘Dreamliner 787 has structural flaws, could break apart mid-flight’

The storage server was not protected with a password and could be accessed by anyone on the internet, Can Yoleri told TechCrunch adding that the data may help malicious actors identify or access other places where Microsoft stores its internal files which “could result in more significant data leaks and possibly compromise the services in use.”

Unlock exclusive access to the story of India’s general elections, only on the HT App. Download Now!

What Microsoft did after the security breach?

Read more: Bharti Hexacom IPO listing today: Here’s what latest GMP indicates

The researchers informed Microsoft of the security lapse on February 6 and the company secured the files on March 5, they said.

Microsoft’s security incidents in the past

Read more: Cathie Wood’s Ark Investment Management announces stake in Microsoft-backed OpenAI

This comes as the company has gone through a series of cloud security incidents in recent years. Last year, researchers found Microsoft employees were exposing their own corporate network logins in code published to GitHub. The company had also, in a different incident, admitted that it did not know how China-backed hackers stole an internal email signing key which allowed them broad access to Microsoft-hosted inboxes of senior US government officials.

  • ABOUT THE AUTHOR
    author-default-90x90

    Follow the latest breaking news and developments from India and around the world with Hindustan Times’ newsdesk. From politics and policies to the economy and the environment, from local issues to national events and global affairs, we’ve got you covered.

Related articles

Recent articles

spot_img