Microsoft reportedly shut down a server last month that exposed Microsoft employees' passwords, keys and credentials on the open internet, as the company faces increasing pressure to bolster the security of its software.
according to TechCrunchthree security researchers at SOCRadar — a company that specializes in discovering vulnerabilities in corporate cybersecurity — discovered that a server hosted on Azure that stores sensitive data linked to Microsoft's Bing search engine had been left open without password protection, meaning it could be accessed by anyone Connected. The server contains a variety of security credentials that Microsoft employees use to access internal systems, contained within various scripts, code, and configuration files.
Exposed credentials may leak more important data and potentially compromise the services being used.
One researcher said, it was Euleri TechCrunch It is possible that hackers could use this exposed data to find and access other areas where Microsoft stores internal data, which “could lead to more important data being leaked and potentially compromised services being used.”
Microsoft was notified of the vulnerability on February 6th, and it was closed by March 5th. It is unclear whether anyone else accessed the exposed server during this time. We've reached out to Microsoft for comment and will update this story if we hear back.
“Typical beer trailblazer. Hipster-friendly web buff. Certified alcohol fanatic. Internetaholic. Infuriatingly humble zombie lover.”