Microsoft workers uploaded sensitive login credentials to Microsoft’s own systems to GitHub

Exposing information such as private keys or passwords on Github is not new. In the past few years, hackers have often completed attacks by retrieving specific keywords on Github to obtain confidential information.
I just didn’t expect that Microsoft engineers could also leak sensitive credentials. The sensitive credentials are Microsoft’s own credentials used on Microsoft Azure, but Microsoft declined to disclose which of Microsoft’s business systems these credentials involve.
Microsoft Managed Desktop

The credentials were first discovered by cybersecurity firm spiderSilk, who immediately contacted Microsoft after discovering them, which was subsequently revoked.

Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat: “We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days.”

spiderSilk shows Motherboard seven examples in a total of exposed Microsoft logins. The exposed credentials were all associated with tenant IDs used by Microsoft itself, each equivalent to a specific set of unique Azure user identifiers.

When spiderSilk finds these credentials, 4 of them are invalid, and 3 of them can log in to the Microsoft server. I just don’t know if any hackers have found these credentials to log into Microsoft servers before spiderSilk found it.

Asked by Motherboard, Microsoft acknowledged that the leaked credentials were real, but Microsoft declined to say which systems the credentials belonged to or how they were protected internally at the company.

Usually, when hackers find these credentials, they will use the associated server or device as an entrance, and after entering the intranet, they will look for more valuable targets to lurk. Fortunately, it was discovered in a timely manner. Microsoft has already started an internal security review to take necessary measures to ensure the security of the internal environment.