Microsoft Employees Exposed Own Company’s Internal Logins

guest · Aug 17, 2022

A cybersecurity firm found that Microsoft workers uploaded sensitive login credentials to Microsoft's own systems to GitHub.
August 16, 2022

Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company’s own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems, according to a cybersecurity research firm that found the exposed credentials.

Microsoft confirmed the data exposure when contacted by Motherboard. Microsoft owns GitHub.

“We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days,” Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat.
Click to expand...

SpiderSilk has previously discovered an exposed list of Slack channels belonging to Electronic Arts; the personal information of WeWork customers uploaded by WeWork developers; and that education giant Elsevier exposed users’ passwords.
Click to expand...

Hussein provided Motherboard with seven examples in total of exposed Microsoft logins. All of these were credentials for Azure servers.

All of the exposed credentials were associated with an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. One of the GitHub users also listed Microsoft on their profile.
Click to expand...

Log in or Sign up

Microsoft Employees Exposed Own Company’s Internal Logins

guest Guest

Log in or Sign up

Microsoft Employees Exposed Own Company’s Internal Logins

guest Guest

Useful Searches