Microsoft’s sensitive login credentials have been leaked by its own employees in the past some days, and where these credentials were leaked might also surprise you as on their own service management platform, GitHub.
This data exposure was figured out and researched by the cyber security firm named SpiderSilk, and now the company has also confirmed this incident, so discuss all the possible details.
How Microsoft’s Login Data Was Compromised
This login data was related to Azure services, which is Microsoft’s cloud computing service. Currently, it is completely unconfirmed if someone tries to use them for breach or might be noticed them.
As reports are saying, it was done by multiple employees of Microsoft, but at last, it was considered unintentional by these employees, but investigation might still be going on underground.
SpiderSilk has detailed that there was a total of seven login credentials were discovered, and three of them were found working during the research, which seems to be a big risk for the company.
And other four were not working, but from the above three, one of the active login credentials was related to the reference of the Azure DevOps code repository, whose importance we also saw in March’s data breaching by the Lap$us hacking group.
But the best part about this incident was that no harm or attack was detected, and everything is now the company’s under control. And a question came out as to why the company could not find it on their own platform.
Mossab Hussein, the chief security officer at SpiderSilk, has detailed that “it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days,” in an article from Vice.
Microsoft’s spokesperson talked to Vice via email and said, “We’ve investigated and taken action to secure these credentials. We’re continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials.”