Microsoft left internal passwords exposed in latest security blunder

Cath Virginia / The Verge | Photo from Getty Images

Microsoft reportedly locked down a server last month that exposed passwords, keys, and credentials of Microsoft employees to the open internet, as the company faces mounting pressure to bolster its software security.

According to Techcrunch, three security researchers at SOCRadar — a company specializing in detecting corporate cybersecurity weaknesses — discovered that an Azure-hosted server storing sensitive data linked to Microsoft’s Bing search engine was left open with no password protection, meaning it could be accessed by anyone online. The server contained a variety of security credentials used by Microsoft employees to access internal systems, housed within various scripts, code, and configuration files.

Continue reading…