Microsoft accidentally left one of its Azure servers without password protection

This is just one of the 21 incidents since 2010

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Microsoft Azure server breached by tiny robots

Microsoft surprisingly left one of its Azure servers open without a password on the internet for a month or more. So, until a few days ago, anyone had access to it and its information. On top of that, the server had company data, such as login credentials for other databases and systems.

Unfortunately, Microsoft’s negligence of this Azure server might have repercussions. After all, we don’t know how long the data was available. So, threat actors might have found ways to break into other secured servers, including the operating services available. This incident could lead to additional data leaks and compromise services.

How did Microsoft find out about the Azure server data breach?

The researchers from SOCRadar were the first to notice the Azure server breach on February 6 and notified Microsoft. Also, they are the ones who confirmed that the company fixed the issue. However, like many times before, Microsoft refused to comment on the incident.

Microsoft refused to give additional information about the Azure server breach. However, this is not the first time the company has done that. After all, the US government has an ongoing dispute with the tech giant due to its poor security systems.

The US Cyber Safety Review Board accused Microsoft of carelessness. After all, the security breach considered preventable allowed threat actors to steal 60,000 emails and a list of employee email addresses from the US State Department.

In addition, we don’t know if Microsoft changed all of the passwords from their Azure servers and systems. On top of that, we don’t know who accessed the company’s data.

In the past, Microsoft faced various data breaches and leaks. According to Firewall Times, there have been 21 incidents since 2010. Also, the company is responsible for most of them. For example, in 2019, a data breach caused by a server misconfiguration exposed the information of 250 million Microsoft customers dating back to 2005. In addition, it took Microsoft more than 20 days to fix the issue.

Ultimately, Microsoft should prioritize the security of its Azure servers. On top of that, the company should focus on its safety features, especially since threat actors keep finding ways in. Also, the tech giant could assign some of its AI developers to work on security. After all, Microsoft keeps adding employees to their AI teams.

What are your thoughts? Do you think that Microsoft should focus on its overall security? Let us know in the comments.

More about the topics: Cybersecurity, microsoft

User forum

0 messages