Sensitive Microsoft login credentials leak on GitHub

Kevin Okemwa


It seems that some Microsoft employees might have accidentally revealed their login credentials on GitHub, potentially exposing Microsoft to malicious attacks, as spotted by the folks at Vice.

Mossab Hussein, chief security officer at spiderSilk, found these credentials and then notified Motherboard online, as stated below.

"We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days."

During Mossab’s chat with Motherboard, he shared seven login credentials for Azure servers that were all linked to an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. Of the seven login credentials, three were still active when spiderSilk discovered them, and slight activity was spotted on one. Microsoft did not respond when Motherboard asked what the login credentials were for.

In an email, however, a Microsoft spokesperson told Motherboard that the company had investigated the matter and concluded that the credentials were not used maliciously to obtain sensitive data. The spokesman further indicated that security measures have been put in place to prevent such an incident from occurring again.