A security group found a Microsoft server with key data that was not password protected

A new report says that a security organization informed Microsoft a couple of months ago that one of their Azure storage servers, which includes sensitive company data, was open to anyone who might know how to access it because it was not password protected.

TechCrunch reports that the security group called SOCRadar found the exposed Azure storage server, which it says was used to store internal information for its Bing internet search service.

The story stated:

The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. But the storage server itself was not protected with a password and could be accessed by anyone on the internet.

SOCRadar stated it informed Microsoft of the situation on February 6. Microsoft secured the Azure storage server nearly one month later, on March 5. It is currently not known how long the server was not password protected or if any other group got access to it. Microsoft has yet to issue an official comment on this situation.

This is just the latest in a string of recent online security issues involving Microsoft. In July 2023, the company said China-based hackers were able to exploit a flaw in Outlook that allowed them to access emails from US and European government groups. The group was able to do this because it acquired an MSA (Microsoft Account) key and used it to forge tokens so it could get into those email accounts.

In January 2024, Microsoft admitted that a hacker group that Russia reportedly sponsors got access to a number of email accounts from some of the company's executives. In March, Microsoft confirmed that the information the hacker group accessed from the email hack was used to take some of the company's source code,

Source