Microsoft employees leaked internal credentials accidentally via GitHub
source link: https://www.neowin.net/news/microsoft-employees-leaked-internal-credentials-accidentally-via-github/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Microsoft employees leaked internal credentials accidentally via GitHub
Microsoft's employees have exposed sensitive login credentials to the company's infrastructure online. The leak was reported first by cybersecurity research firm, spiderSilk, and later confirmed by Microsoft, Vice reports. According to the article, the exposed data came from employees on GitHub.
Mossab Hussein, chief security officer from the cybersecurity firm SpiderSilk, which found the issue, told Vice that it is becoming more difficult to identify in time accidents from source code and credential leaks. He said:
"We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days"
Azure, being Microsoft's cloud computer service, is similar to Amazon Web Services. The leaked credentials were related to an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users.
According to Vice, Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times. No sensitive data was accessed from this leak, and the company has taken more secure measures to prevent credential sharing.
Source: Vice
Recommend
-
105
If you accidentally leak your AWS keys on GitHub, it won’t be long before attackers scrape this information and
-
6
Don’t post secrets to public GitHub repositories. I made this mistake a while ago, and in the interests of openness and learning from others, I’d like to describe what happened. Maybe it’ll help others avoid the mistake, and maybe I’...
-
13
TL; DR Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to AWS interna...
-
4
Amazon India may have accidentally leaked what's likely the OnePlus 10R After launching the
-
6
First OnePlus Flagship Killer With A MediaTek Chip Accidentally Leaked By Amazon ...
-
9
Next Up 12 Tech Disasters That Lost Millions ...
-
9
Microsoft employees accidentally exposed login credentials for important internal systems It wasn't Clippy, even though he did come out of retirement last year By
-
6
Microsoft might have just accidentally leaked the name of the next big Windows 11 update By Christian Guyton published 43 minutes a...
-
3
Chevy accidentally leaked the hybrid Corvette on its site / We haven’t seen a physical charging port, but we do know there’ll be a ZER Performance Package.By
-
4
Microsoft accidentally leaked its internal tool for testing new Windows features Staging tool allows users to find and activate hidden Windows Insider features By
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK