Microsoft leaks employee credentials and data via unprotected database
Take action: System misconfiguration errors should terrify everyone, because it's super easy to make them. And they can remain undetected for a very long time.
Learn More
Microsoft has been leaking employee data and company files. The incident was discovered by researchers at cybersecurity firm SOCRadar, who found an unprotected server on Microsoft Azure containing sensitive information related to Bing, Microsoft's search engine.
The server lacked password protection and contained passwords and credentials of Microsoft employees, potentially giving hackers the means to access other databases and internal systems.
Microsoft was informed about the leak on February 6, and a fix was applied on March 5. The duration for which the server was exposed and whether the data was accessed by unauthorized parties remain unknown. It's also unclear why it took Microsoft a month to lock down an exposed server.
Server misconfiguration is not unique to Microsoft - it reflects a broader issue within the tech industry, where databases and servers are often left unprotected due to oversight or error.
