cybersecurity research company spiderSilk(Opens in a new window) discovered that Microsoft employees had accidentally exposed their login credentials for servers hosted on Microsoft Azure.
As reported by Vice(Opens in a new window), the credentials appeared on the Microsoft-owned code hosting and version control service GitHub. A total of seven connections were discovered, three of which were still active and providing access to Microsoft Azure web servers.
Microsoft has since confirmed that the login data has been exposed publicly, but has not provided details about the servers and services they have allowed access to.
A Microsoft spokesperson explained, “We have investigated and taken steps to secure this identifying information. Although it was inadvertently made public, we have not seen any evidence that sensitive data was accessed. or that the credentials have been used inappropriately. We will continue to investigate and will continue to take steps to further prevent the inadvertent sharing of credentials.”
Recommended by our editors
Mossab Hussein, chief security officer at spiderSilk, told Vice, “We continue to see accidental source code and credential leaks as part of a company’s attack surface, and it becomes increasingly difficult to identify quickly and accurately. This is a very difficult problem for most businesses these days.” It’s also why big companies like Microsoft are pushing for passwordless logins and why multi-factor authentication is so important.
Do you like what you read ?
Register for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.