Microsoft is busy with its big AI plans but the company inadvertently exposed personal details of its employees as per reports. Microsoft had locked a server last month, which leaked details like passwords, keys and other credentials of its employees on the internet. The biggest concern from this reported incident is that Microsoft employees could be at risk of cyber attacks, and account intrusion if their passwords are not changed right away.
Microsoft Employees Data Leak: What Happened
The report from Techcrunch quotes security researchers who noticed that a server hosted by Microsoft’s Azure linked to its Bing search engine which did not have any password. Keeping it unsecure meant that all the sensitive data stored on the server was available publicly for anyone to access on the open internet.
The report talks about highlighting this leak to Microsoft on February 6 this year which was secured again by the company by March 5, almost one month after the concern was shared by the researchers. We still don’t know if having the server unlocked for this long was accessed by anyone else.
The most worrying part about the leak is that any bad actor with access to the passwords of these Microsoft employees could easily try to hack into other servers or databases of Microsoft and even look to infect them with ransomware which could be worth billions to the company and the hackers to return the access to these servers.
Researchers these days realise the need to secure servers and when you hear stories about companies like Microsoft leaving major servers unsecure for almost a month, you tend to worry about the overall cybersecurity standards of major tech giants who store and even access tonnes of data from millions of the users every day. Microsoft is one of the many companies building new AI use cases for consumers and if leaks like these become regular than AI security guidelines can’t come soon.
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
