Microsoft"s employees have exposed sensitive login credentials to the company"s infrastructure online. The leak was reported first by cybersecurity research firm, spiderSilk, and later confirmed by Microsoft, Vice reports. According to the article, the exposed data came from employees on GitHub.
Mossab Hussein, chief security officer from the cybersecurity firm SpiderSilk, which found the issue, told Vice that it is becoming more difficult to identify in time accidents from source code and credential leaks. He said:
"We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days"
Azure, being Microsoft"s cloud computer service, is similar to Amazon Web Services. The leaked credentials were related to an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users.
According to Vice, Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times. No sensitive data was accessed from this leak, and the company has taken more secure measures to prevent credential sharing.
Source: Vice