Microsoft Leak Credentials May be Used for Further Attacks
The compromised internal Azure server seemed to be associated with the functioning of the Bing search engine and had been used to store scripts, configuration & code containing sensitive data such as credentials, passwords and keys used by the company’s employees to access enterprise databases and systems.
A researcher indicated that the resulting data from the Microsoft leak could be used for further compromise by aiding attackers in identifying how Microsoft handles the storage of its internal resources as well as through the use of leaked credentials in attack campaigns.
The investigative team alerted Microsoft about the leaked credentials in February 2024, and Microsoft took steps to secure the unprotected internal Azure server by March first week.
Microsoft Leak Latest in Series of Security Missteps by Tech Giant
While the extent of the internal resource leak as well as the remediate steps taken by Microsoft remain unclear, the incident comes as part of a long line of recent cloud security related security incidents faced by the company.
In February this year, ‘Three high-risk vulnerabilities’ were reported in the Azure components of Microsoft’s cloud software solutions along with a critical IoT device vulnerability that potentially allowed for remote code execution(RCE) attacks.
Last year, in 2023, researchers discovered that Microsoft exposed sensitive credentials of its enterprise network in code it had published to Github. In the same year, the company faced intense scrutiny in an incident where the threat actor group Storm-0558 managed to obtain its email signing key in a move widely seen as an espionage attack on the email communication between U.S. government officials.
The incident highlights the struggle that tech giants might face in securing their own internal resources and sensitive data or employee credentials from various forms of security lapses and negligence as well as the threats surrounding them.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
