Security Breach: Microsoft’s Workforce Reveals Internal Passwords

Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. Yoleri told TechCrunch that the exposed data could potentially help malicious actors identify or access other places where Microsoft stores its internal files. The researchers notified Microsoft of the security lapse on February 6, and Microsoft secured the spilling files on March 5. Microsoft did not say if it had reset or changed any of the exposed internal credentials.

After diligent efforts to address potential security vulnerabilities, Microsoft has successfully resolved a recent security lapse involving internal company files and credentials. The lapse was discovered by security researchers Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı of SOCRadar, a trusted cybersecurity company that assists organizations in identifying areas of weakness. The team uncovered an open and public storage server hosted on Microsoft’s renowned Azure cloud service, which contained sensitive information related to the company’s Bing search engine.

The Azure storage server held a variety of data, including code, scripts, and configuration files embedded with passwords, keys, and credentials utilized by Microsoft employees to access confidential internal databases and systems. Shockingly, the storage server lacked password protection, allowing anyone on the internet to easily access its contents.

Yoleri shared with TechCrunch that the exposed data poses a potential threat as it could be used by malicious actors to infiltrate and obtain further internal files stored by Microsoft. Such a breach could have severe consequences, jeopardizing the company’s services. Yoleri added that identifying these storage locations “could result in more significant data leaks and possibly compromise the services in use.”

The security researchers promptly notified Microsoft of the security lapse on February 6th, and the company moved swiftly to secure the exposed files by March 5th.

At this time, it remains unclear how long the cloud server was at risk, and if any parties besides SOCRadar had discovered the leaked data. Despite reaching out for comment, a Microsoft spokesperson did not provide further details before the time of publication. It is also unclear if Microsoft has taken any additional precautions, such as resetting or altering any of the exposed internal credentials.

This is not the first time Microsoft has faced a security mishap as the company works to regain the trust of its clientele after a series of cloud security incidents in recent years. In a similar incident last year, researchers found that Microsoft employees had inadvertently disclosed their own corporate network logins in code shared on GitHub.

Furthermore, Microsoft faced backlash after acknowledging that it was unaware how Chinese-backed hackers obtained an internal email signing key, which ultimately allowed them to access senior U.S. government officials’ inboxes hosted by Microsoft. An autonomous council of cyber experts, charged with investigating the email breach, stated in their report released last week that the hackers’ success was due to a “cascade of security failures within Microsoft.”

Earlier this year, Microsoft announced that it is countering a continual cyberattack that facilitated Russian state-backed hackers in acquiring portions of the company’s source code and internal emails belonging to Microsoft corporate executives.