Several people believed to be Microsoft employees have leaked sensitive login credentials to the company’s internal infrastructure on GitHub. This data could potentially be used by attackers to gain access to internal company systems, notifies Motherboard.
The problem was discovered by the security company spiderSilk. In particular, credentials for Azure servers – a cloud service – were found among the disclosed data. All credentials were associated with an official Microsoft customer ID. A customer ID is a unique identifier associated with a specific set of Azure users.
Microsoft confirmed the disclosure of credentials. The company also said it was investigating the incident and had taken steps to protect them.
“We have seen no evidence that sensitive data was accessed or that credentials were misused. We are continuing the investigation and taking the necessary measures to prevent the accidental sharing of credentials,” says Microsoft.