Jump to content
  • A security group found a Microsoft server with key data that was not password protected


    Karlston

    • 1 comment
    • 464 views
    • 2 minutes
     Share


    • 1 comment
    • 464 views
    • 2 minutes

    A new report says that a security organization informed Microsoft a couple of months ago that one of their Azure storage servers, which includes sensitive company data, was open to anyone who might know how to access it because it was not password protected.

     

    TechCrunch reports that the security group called SOCRadar found the exposed Azure storage server, which it says was used to store internal information for its Bing internet search service.

     

    The story stated:

     

    The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. But the storage server itself was not protected with a password and could be accessed by anyone on the internet.

    SOCRadar stated it informed Microsoft of the situation on February 6. Microsoft secured the Azure storage server nearly one month later, on March 5. It is currently not known how long the server was not password protected or if any other group got access to it. Microsoft has yet to issue an official comment on this situation.

     

    This is just the latest in a string of recent online security issues involving Microsoft. In July 2023, the company said China-based hackers were able to exploit a flaw in Outlook that allowed them to access emails from US and European government groups. The group was able to do this because it acquired an MSA (Microsoft Account) key and used it to forge tokens so it could get into those email accounts.

     

    In January 2024, Microsoft admitted that a hacker group that Russia reportedly sponsors got access to a number of email accounts from some of the company's executives. In March, Microsoft confirmed that the information the hacker group accessed from the email hack was used to take some of the company's source code,

     

    Source


    User Feedback

    Recommended Comments

    Satya Nadella = Weak Leadership

    Weak Leadership = Weak Security

    Weak Security = ANOTHER Data Breach

     

    Are we clear?

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...