Microsoft Employee Details, including Passwords, Leaked on the Internet

By Consultants Review Team Wednesday, 10 April 2024

Microsoft is believed to have suffered a data breach that exposed workers' passwords and sensitive corporate information to the internet. Security researchers Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı from SOCRadar, a cybersecurity business, discovered this vulnerability. They uncovered an open and public storage server running on Microsoft's Azure cloud service that was storing internal information about Microsoft's Bing search engine without being recognized.

Notably, TechCrunch stated that the hack had been addressed.

The material made available online contained code, scripts, and configuration files providing passwords, keys, and credentials used by Microsoft personnel to access other corporate databases and systems. The worrying issue is that this server was not password protected, thus it could be accessed by anybody on the internet.

According to the research, the disclosed data may have let hostile actors get access to other confidential Microsoft files. According to Yoleri, identifying internal file storage locations "could result in more significant data leaks and possibly compromise the services in use".

It was discovered that the researchers had already reported the vulnerability to Microsoft in February. However, the corporation waited about a month to remedy the issue. It is currently unknown whether any unauthorized parties had access to the data, or how long the data was accessible until the business chose to safeguard it.

Microsoft has yet to publish an official comment addressing the security breach.

Earlier this week, Boat, an India-based wearable firm, purportedly had a large data breach in which personal information of over 7.5 million consumers was exposed on the dark web. This type of data breach can result in financial fraud, phishing attacks, and identity theft. The corporation publicly admitted that it is investigating the purported incident and informed its clients that protecting their data is its top concern.

Current Issue