TechCrunch reports that Microsoft had internal data related to its Bing search engine exposed due to an internet-exposed Azure public storage server without any password protection.
Included in the unsecured server were code, configuration files, and scripts with credentials and keys leveraged for accessing Microsoft's other internal databases and systems, according to a report from SOCRadar. Such information could be potentially exploited by threat actors to facilitate further data compromise, said researcher Can Yoleri. Details regarding the duration of the public exposure of the server remain uncertain but Microsoft has only addressed the misconfiguration nearly a month after being reported by SOCRadar researchers in early February.
Such a security lapse at Microsoft follows a report from the U.S. Cyber Safety Review Board detailing the company's "cascade of security failures" that resulted in last year's theft of an internal email signing key, which enabled Chinese state-sponsored hackers to infiltrate senior government officials' email accounts.
