Skip to content
Security researchers from SOCRadar, a cybersecurity firm, have uncovered a data breach allegedly involving Microsoft. Employees’ credentials and internal company files were exposed to the Internet.
Can Yoleri, Murat Ozfidan, and Egemen Kohisarl discover an open and public storage server hosted on Microsoft’s Azure cloud service? The server stored sensitive information about Microsoft’s Bing search engine without proper security measures.
Initially unnoticed by Microsoft, the breach was reportedly resolved following its discovery. As reported by TechCrunch,.
The data exposed online consisted of codes, scripts, and configuration files containing passwords, keys, and credentials that Microsoft employees use to access internal databases and systems.
Alarmingly, the server was left unprotected and did not have a password, making it accessible to anyone on the internet.
According to the researchers, the exposed data could have provided malicious actors access to other internal Microsoft files, potentially leading to more severe data breaches and compromising services.
The researchers notified Microsoft of the issue in February, yet it took nearly a month to address it. However, it remains unclear whether unauthorized parties accessed the data and how long it remained exposed before mitigation measures were implemented.
As of now, Microsoft has not issued an official statement addressing the security lapse.
In a related incident, India-based wearable company Boat recently experienced a significant data breach. The personal information of over 7.5 million customers surfaced on the dark web, including names, addresses, phone numbers, email addresses, and customer IDs, posing risks of financial fraud, phishing attempts, and identity theft.
