Microsoft’s internal bug tracking database was hacked in 2013, say former employees

Michael Cottuli

According to the most recent piece from Reuters Microsoft’s internal bug tracking database was infiltrated back in 2013. The break-in seems to have been a pretty significant one, and had the potential to affect millions of people – just about every person and entity that runs on Microsoft technology in one way or another. In the words of Eric Rosenbach, the U.S. deputy assistant secretary of defense back in 2012, this break-in could have given the intruders a “skeleton key” for just countless Windows computers.

The break-in, performed by a still-active group going by the names “Morpho,” “Wild Neutron,” or “Butterfly,” was handled very quietly, with the news really only breaking to us now, 4 years later. Reuters interviewed 5 separate employees who were with Microsoft at the time of the break-in in order to get their take on what happened, as well as some U.S. officials. Microsoft itself refused to comment.

Compared to a similar break-in that occurred to Mozilla, Microsoft’s approach could be criticized by many users. When Mozilla’s bug database was infiltrated, the company told all Firefox users about the break-in, making it public so everybody could be kept abreast of the situation.

Either way, the break-in should be water under the bridge. As far as we know, the data taken in Microsoft’s breach has not been used for any other cyber attacks, and should not be a significant threat to anybody going forward. Things like this do make you wonder, though – what other large-scale break-ins have happened recently that we don’t know about?