Microsoft reportedly locked down a server final month that uncovered passwords, keys, and credentials of Microsoft staff to the open web, as the corporate faces mounting strain to bolster its software program safety.
In accordance with Techcrunch, three safety researchers at SOCRadar — an organization specializing in detecting company cybersecurity weaknesses — found that an Azure-hosted server storing delicate information linked to Microsoft’s Bing search engine was left open with no password safety, which means it could possibly be accessed by anybody on-line. The server contained a wide range of safety credentials utilized by Microsoft staff to entry inside methods, housed inside varied scripts, code, and configuration information.
The uncovered credentials “may end in extra important information leaks and probably compromise the companies in use.”
One of many researchers, Can Yoleri, instructed Techcrunch that hackers may doubtlessly use this uncovered information to seek out and entry different areas the place Microsoft shops inside information, which “may end in extra important information leaks and probably compromise the companies in use.”
Microsoft was notified in regards to the vulnerability on February sixth, and locked it down by March fifth. It’s unclear if anybody else accessed the uncovered server throughout this time. We now have reached out to Microsoft for remark and can replace this story if we hear again.
