Microsoft reportedly locked down a server final month that uncovered passwords, keys, and credentials of Microsoft staff to the open web, as the corporate faces mounting stress to bolster its software program safety.
Based on Techcrunch, three safety researchers at SOCRadar — an organization specializing in detecting company cybersecurity weaknesses — found that an Azure-hosted server storing delicate information linked to Microsoft’s Bing search engine was left open with no password safety, that means it may very well be accessed by anybody on-line. The server contained quite a lot of safety credentials utilized by Microsoft staff to entry inner programs, housed inside numerous scripts, code, and configuration recordsdata.
The uncovered credentials “might end in extra vital information leaks and presumably compromise the companies in use.”
One of many researchers, Can Yoleri, instructed Techcrunch that hackers might probably use this uncovered information to search out and entry different areas the place Microsoft shops inner information, which “might end in extra vital information leaks and presumably compromise the companies in use.”
Microsoft was notified concerning the vulnerability on February sixth, and locked it down by March fifth. It’s unclear if anybody else accessed the uncovered server throughout this time. We’ve reached out to Microsoft for remark and can replace this story if we hear again.
