Credentials used in Microsoft’s online infrastructure by employees are confirmed to be leaked on Github. The company itself attested that what happened is true after discoveries by a cybersecurity company called SpiderSilk. Data like this is vitally important as it gives access to Azure DevOps code.
The cybersecurity firm reported that at least seven login credentials were made public. Three of them were still active at the time of discovery and the others were not. However, there was the possibility that they could still be used within the company’s internal systems by the workers themselves.
In case you didn’t know, the hacker attack suffered by Microsoft in March of this year hit an Azure DevOps account, which impacted the company’s services such as the virtual assistant Cortana and the Bing search engine. Also in the same month, some Chinese hackers took advantage of a bug to spy on Outlook users. Still, there is apparently no link between the leak and what happened months ago.
According to what has been investigated so far, the leak occurred accidentally through employees. Identification, in this case, is a little more difficult, according to SpiderSilk security director Moussab Hussein. He also says that this issue is a problem for several other companies these days.
To date, no misuse of credentials disclosed and made public on the GitHub service has been discovered. In any case, the company remains committed to the investigations and seeks to take measures to prevent a similar situation from happening again.