Techly NewsGet the app

Get the latest tech news

Microsoft left internal passwords exposed in latest security blunder


An internal Azure-hosted server was left without password protection.

According to Techcrunch, three security researchers at SOCRadar — a company specializing in detecting corporate cybersecurity weaknesses — discovered that an Azure-hosted server storing sensitive data linked to Microsoft’s Bing search engine was left open with no password protection, meaning it could be accessed by anyone online. The server contained a variety of security credentials used by Microsoft employees to access internal systems, housed within various scripts, code, and configuration files. Earlier this month, a review from the US Cyber Safety Review Board said Microsoft could have prevented a breach in its Exchange Online software that allowed Chinese hackers to access US government email systems in 2023, accusing the tech giant of developing a “corporate culture that deprioritized enterprise security investments and rigorous risk management.” Another incident in 2022 saw sensitive login credentials for Microsoft’s systems being uploaded by its own employees on GitHub.

Get the Android app

Or read this on The Verge

Read more on:

Photo of Microsoft

Microsoft

Photo of internal passwords

internal passwords

Related news:

News photo

World of Warcraft is returning to China as Microsoft strikes a new deal with NetEase

News photo

Microsoft’s Japan Investment Boosts Power, Industrial Shares

News photo

Microsoft brings World of Warcraft and other Blizzard titles back to China

« Fortnite removes item rarities, upsetting fans
Dyson's AR feature turns vacuuming into a real-life cleaning game »