Large corporations are always in the crosshairs of hackers, who are constantly looking for new ways to access their systems. This forces the implementation of increasingly strict security measures, although no platform is truly safe when subjected to the human factor. And Microsoft has experienced this first-hand, after learning that several employees had exposed their credentials for accessing company servers on GitHub.
As reported by Vice, the irregularity was discovered by a cybersecurity company called spiderSilk. It found that seven Microsoft credentials had been inadvertently posted on the popular code and software repository. Of the total, three were still active when the error was discovered.
According to the information available, the login data corresponded to Azure accounts, the cloud server platform developed by Redmond. All of the exposed information was linked to official Microsoft identifiers, which made it possible to quickly determine that the credentials belonged to company employees.
Microsoft acknowledged the leak, although it did not provide many details about it. The US company limited itself to saying that it was investigating what happened and that there was no evidence that the information had been used inappropriately or to access sensitive data.
“We continue to see that accidental source code and credential leaks are part of an enterprise’s attack surface, and it’s getting harder and harder to identify them in a timely and accurate manner. It’s a very challenging topic for most businesses these days.”
Statement by Mossab Hussein, head of security at spiderSilk, to Vice.
Microsoft runs into an unexpected security issue
The publication of access credentials on GitHub presents itself as an unexpected security problem for Microsoft, which will have to strengthen its protection. As Vice mentioned, among the leaked login data there were references to the Azure DevOps code repository.
Let’s not forget that this year the Redmond company has already had to deal with a very significant information leak. It was last March, when it suffered a hack by LAPSUS$, the group of hackers that also compromised Samsung, NVIDIA and Okta, among other companies.
At that time, Microsoft suffered the leak of almost 40 GB of information, which included the source code of Bing and Cortana. In the days before the attack was made official, the cybercriminals had already shared a screenshot from the control panel of Azure DevOps, the platform of tools and services that the company offers developers.
With the latest episode of credential leaks, it’s clear why Microsoft is one of the corporations out to crack down on passwords. Let’s remember that the Redmond company, along with Google and Apple, has promised to expand support for the FIDO standard. It will allow users to access all their services from different platforms without the need to use a password.