Microsoft shuts down leaky cloud storage, raising security concerns

The security lapse comes amid a string of cloud security incidents for Microsoft
An undated image of Microsoft building. — Pixabay
An undated image of Microsoft building. — Pixabay

Microsoft on Thursday addressed a recent security lapse that left internal company files and employee credentials exposed on the open internet.

Security researchers from SOCRadar, Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı, discovered an unsecured storage server on Microsoft's Azure cloud platform.

This server, worryingly accessible to anyone online, contained sensitive information related to Microsoft's Bing search engine, including code, scripts, and configuration files with employee passwords for internal systems.

Yoleri expressed concern that the exposed data could be a roadmap for malicious actors, potentially leading them to other vulnerable Microsoft data storage locations. This, he warned, "could result in more significant data leaks and possibly compromise the services in use."

The security lapse comes amid a string of cloud security incidents for Microsoft. Just last year, researchers identified Microsoft employees accidentally exposing their login credentials in code uploaded to GitHub.

In another incident, the company acknowledged its inability to determine how China-backed hackers obtained an internal email signing key, granting them access to senior U.S. government officials' inboxes hosted by Microsoft. Microsoft secured the leaky server on March 5, following notification by the researchers on February 6.