Why it matters: Microsoft reportedly locked down a server leaking company files and employee data. In what could be described as a “rookie mistake,” the Azure server was left wide open to the internet without a password. Anyone with a browser had free access to any data on the server for at least a month but probably longer.
Researchers at SOCRadar discovered the breach on February 6 and immediately informed Microsoft. The server contained company data, including credentials for logging into other internal databases and systems. Redmond secured the server on March 5. It’s unclear how long the data was publicly accessible before the researchers found it.
The breach was severe enough that other secured systems, including currently operating services, were at serious risk of intrusion.
“[The exposed data] could result in more significant data leaks and possibly compromise the services in use,” SOCRadar researcher Can Yoleri told TechCrunch.
While SOCRadar confirmed that the server is now secured, Microsoft has refused to comment on the incident. It is unclear whether the company secured all other potentially exposed systems with new passwords. One would assume it did, but with a breach that was literally a rookie mistake on Microsoft’s part, who can say for sure? It is also unknown whether anybody other than the researchers accessed the data.
Microsoft employees exposed internal passwords in security lapse.
“It’s not known for how long the cloud server was exposed to the internet, or if anyone other than SOCRadar discovered the exposed data inside.”
https://t.co/F4Ksa6h1k4 – Mert SARICA (@MertSARICA) April 10, 2024
Microsoft is not new to data leaks and breaches. Firewall Times lists 21 instances since 2010 in which the company or its products have been responsible for internal or third-party security breaches. Only a few were credited to internal mistakes rather than attacks from bad actors.
The last internal mishap was in 2019 when a customer service and support server was “misconfigured,” exposing the data of 250 million Microsoft customers dating back to 2005. Microsoft had left the server wide open after a December 5, 2019, security group change. Researchers discovered the unsecured server after search engines began indexing its files. Microsoft quickly secured the server after being notified of the leak on December 29.
As for external threats, Microsoft is a huge target, so it’s no wonder attackers are constantly picking away at the company’s products and services. Most recently, the US Cyber Safety Review Board lambasted Redmond over a “preventable” Exchange Online hack by Chinese state-sponsored hackers. The attack allowed access to the email of over 500 government employees, including high-ranking White House cabinet members and members of Congress.
Image credit: Blue Coat Photos