Danish Kapoor
Danish Kapoor

Microsoft's internal security passwords were exposed on the Internet

While Microsoft has been exposed to increasing software security pressures recently, it took the step of unlocking a server last month. This server publicly exposed to the Internet the passwords, keys and credentials used by Microsoft employees to access internal systems. According to information provided by TechCrunch, three security researchers from a company called SOCRadar discovered an Azure-hosted server that stored sensitive data of Microsoft's Bing search engine and could be accessed without any password protection. The server contained a set of security credentials, contained within various scripts, codes and configuration files, used by Microsoft employees to access internal systems.

Microsoft's security vulnerabilities

It was stated that such a vulnerability could lead to more significant data leaks and compromise of services in use. Can Yoleri, one of the researchers, told TechCrunch that by accessing this vulnerability, hackers can find and access other areas where Microsoft stores its internal data, which can cause more significant data leaks and compromise the services in use.

Microsoft was notified of this vulnerability on February 6 and fixed the vulnerability on March 5. It was not clear whether anyone else accessed the server during this time. An attempt was made to get a comment from Microsoft on the issue and the news will be updated when feedback is received.

Microsoft, which has faced several cybersecurity setbacks in recent years, is currently in the process of retooling its security practices. Earlier this month, an assessment from the U.S. Cybersecurity Review Board found that Microsoft could prevent a flaw in Exchange Online software that could allow Chinese hackers to gain access to U.S. government email systems in 2023. This has led to criticism that the tech giant has developed a “corporate culture” that prioritizes corporate security investments and stringent risk management. In another incident, in 2022, Microsoft's own employees uploaded sensitive login credentials used to log into the company's systems to GitHub. These and similar events once again reveal that Microsoft needs to take serious steps in the field of cyber security. How Microsoft will proceed against such vulnerabilities and how it will increase security measures are among the issues closely followed in the technology world.

Danish Kapoor