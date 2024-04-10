Microsoft has allegedly faced a data breach that has exposed employees’ credentials and internal company files to the internet. This was revealed by security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses. They discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine without being highlighted.

Notably, TechCrunch has reported that this breach is now resolved.

The data available online included housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. The alarming part is this server was not password protected and hence could be acessed by anyone on the internet.

As per the report, the exposed data could have helped malicious actors get access to other internal Microsoft files. As per a statement by Yoleri, identifying storage locations of internal files “could result in more significant data leaks and possibly compromise the services in use”.

It was revealed that the researchers had already reported the issue to Microsoft in February. However, the company took almost a month to resolve it. It still remains unclear if any unauthorised party got access to the data, or how long was the data exposed for before the company decided to secure it.

Microsoft has not issued any official statement regarding the security lapse as of now.

Earlier this week, India-based wearable company, Boat, also allegedly faced a massive data breach where personal information of over 7.5 million customers was exposed on dark web. Reportedly, this data included names, addresses, phone numbers, email addresses, and customer IDs. This kind of data leak can lead to financial fraud, phishing attempts, and identity theft. The company openly acknowledged they are investigating the reported breach and assured its customers that safeguarding their data remains its utmost priority.

