Microsoft employees leak their own passwords on GitHub, incredible as it may seem

Large corporations are always in the crosshairs of hackers, who are constantly looking for new ways to access their systems. This forces the implementation of increasingly strict security measures, although no platform is truly safe when subjected to the human factor. And Microsoft has experienced it first-hand, after learning that several employees shared their access credentials to the company’s servers on GitHub.

As reported by Vice, the irregularity was discovered by a cybersecurity company called spiderSilk. It found that seven Microsoft credentials had been inadvertently posted on the popular code and software repository. Of those, three were still active when the error was discovered.

According to the information available, the login credentials were for accounts on Azure, the cloud server platform developed by Redmond. All exposed information was linked to official Microsoft identifiers, which made it possible to quickly determine that the credentials belonged to company employees.

Microsoft acknowledged the leak, although it did not provide many details about it. The US company limited itself to saying that it was investigating what happened and that there was no evidence that the information had been used inappropriately or to access sensitive data.

“We continue to see that accidental source code and credential leaks are part of an enterprise’s attack surface, and it’s getting harder and harder to identify them in a timely and accurate manner. It’s a very challenging topic for most businesses in these 

Publishing login credentials on GitHub presents an unexpected security issue for Microsoft, which will need to beef up its protection. Among the leaked login data there were references to the Azure DevOps code repository.

This year, those from Redmond have already had to deal with a very important leak of information. It was last March, when they suffered a hack by LAPSUS$, the group of hackers who also compromised Samsung, NVIDIA and Okta, among others. The leaked information included the source code of Bing and Cortana. But already in the days before the attack was made official, the cybercriminals had shared a screenshot from the Azure DevOps control panel, the platform of tools and services that the company offers for developers.

With the latest episode of credential leaks, it's clear why Microsoft is one of the corporations determined to move away from passwords. Let's remember that those from Redmond, along with Google and Apple, have committed to expanding support for the FIDO standard. It will allow users to access all their services from different platforms without the need to use a password.