Products
▸
Microsoft employees exposed internal login credentials. The issue was discovered by specialists of the cybersecurity firm spiderSilk. The data was accidentally uploaded to the company’s own infrastructure on GitHub. Thus, the threat landscape was extended. In other words, gaining of the initial access to the system enabled to operate within its framework and probably obtain some desirable info not intended for unauthorized users.
The employee of spiderSilk shared seven examples of exposed Microsoft logins with Motherboard. All of them turned out to be credentials for Azure servers and referred to special Microsoft IDs.
It’s still unclear, which systems implemented protection of the data, as Microsoft officials denied to share the corresponding info with media representatives. However, a Microsoft spokesperson told Motherboard that despite the data was exposed, they “haven’t seen any evidence that sensitive data was accessed or the credentials were used improperly”.