Microsoft left internal passwords exposed in latest security blunder

Share via:


Microsoft reportedly locked down a server last month that exposed passwords, keys, and credentials of Microsoft employees to the open internet, as the company faces mounting pressure to bolster its software security. 

According to Techcrunch, three security researchers at SOCRadar — a company specializing in detecting corporate cybersecurity weaknesses  — discovered that an Azure-hosted server storing sensitive data linked to Microsoft’s Bing search engine was left open with no password protection, meaning it could be accessed by anyone online. The server contained a variety of security credentials used by Microsoft employees to access internal systems, housed within various scripts, code, and configuration files.

The exposed credentials “could result in more significant data leaks and possibly compromise the services in use.”

One of the researchers, Can Yoleri, told Techcrunch that hackers could potentially use this exposed data to find and access other areas where Microsoft stores internal data, which “could result in more significant data leaks and possibly compromise the services in use.”

Microsoft was notified about the vulnerability on February 6th, and locked it down by March 5th. It’s unclear if anyone else accessed the exposed server during this time. We have reached out to Microsoft for comment and will update this story if we hear back.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft left internal passwords exposed in latest security blunder


Microsoft reportedly locked down a server last month that exposed passwords, keys, and credentials of Microsoft employees to the open internet, as the company faces mounting pressure to bolster its software security. 

According to Techcrunch, three security researchers at SOCRadar — a company specializing in detecting corporate cybersecurity weaknesses  — discovered that an Azure-hosted server storing sensitive data linked to Microsoft’s Bing search engine was left open with no password protection, meaning it could be accessed by anyone online. The server contained a variety of security credentials used by Microsoft employees to access internal systems, housed within various scripts, code, and configuration files.

The exposed credentials “could result in more significant data leaks and possibly compromise the services in use.”

One of the researchers, Can Yoleri, told Techcrunch that hackers could potentially use this exposed data to find and access other areas where Microsoft stores internal data, which “could result in more significant data leaks and possibly compromise the services in use.”

Microsoft was notified about the vulnerability on February 6th, and locked it down by March 5th. It’s unclear if anyone else accessed the exposed server during this time. We have reached out to Microsoft for comment and will update this story if we hear back.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Q-Commerce Will Create More Jobs Than Railways: Zepto CEO

SUMMARY Palicha said that India’s quick commerce ecosystem will...

China’s tiny robot Erbai ’kidnaps’ 12 larger robots, sparks...

In a wild turn of events straight out of...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!