Former Microsoft Employees Say Company Kept Mum About A Secret Database Hack In 2013
Five ex-employees each told Reuters the same thing in separate interviews. All of them claim the breach happened in 2013, with Microsoft responding in private rather than disclosing the extent of the attack to the public or its customers. The database in question is said to have contained descriptions of critical and unpatched vulnerabilities in popular software programs, including Windows.
Unfixed flaws are sought after by some foreign governments and malicious hackers in general. There are even companies out there that pay big money for certain software vulnerabilities. For example, a company called Zerodium offered a $1 million reward to the first three people or teams to provide a remote jailbreak for Apple's iOS 9 software in 2015, and has since upped the ante to $1.5 million.
"Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was serving as US deputy assistant secretary of defense for cyber when the database breach occurred.
Microsoft investigated subsequent breaches at other organizations and did not find any evidence that any of them occurred as a result of information being stolen from its databases. The former employees are less sure, however, with three of them noting that the study did not have enough information to draw that conclusion.
There has only been one time when a breach of a big database has been disclosed, and that happened in 2015 at Mozilla, the company behind the Firefox web browser.