First caught by cybersecurity research company spiderSilk, Microsoft employees accidentally shared seven server login credentials for Azure, three of which were active, on GitHub last Wednesday.
The company release reads: “We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days.”
Microsoft has since confirmed the incident, but would not provide further details as to which servers or services they allowed access to. A Microsoft spokesperson explained: “We’ve investigated and have taken action to secure these credentials. While they were inadvertently made public, we haven’t seen any evidence that sensitive data was accessed or the credentials were used improperly. We’re continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials.”
This is not the cybersecurity company’s first feat. SpiderSilk previously discovered an exposed list of Slack channels belonging to Electronic Arts, the personal information of WeWork customers uploaded by WeWork developers, and users’ passwords exposed by education giant Elsevier.
If you see something out of place or would like to contribute to this story, check out our Ethics and Policy section.