Microsoft Was Hacked in 2013, and the Target Was Its Internal Bugs Database

Microsoft was hacked in 2013, and they responded quietly, according to five former employees who spoke to Reuters.

The target was the company's secret database for internal bugs, which contained information about critical vulnerabilities in some of the world’s most famous software.


The result of the Microsoft hack is literally a jackpot for any governmental or terrorist spy agency, as it would show them how to build exploits, the tools necessary to break into systems running that software.

Although the news that Microsoft was hacked was kept secret, the company tracked whether the stolen vulnerabilities were used in cyberattacks around the time of the hack. Microsoft also fixed the stolen vulnerabilities within a few months after the attack was detected.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.

In an email responding to questions from Reuters, Microsoft said: “Our security teams actively monitor cyber threats to help us prioritize and take appropriate action to keep customers protected.”

The Microsoft matter should remind companies to treat accurate bug reports as the “keys to the kingdom,” said Mark Weatherford, who was deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security when Microsoft learned of the breach.

So what happened in 2013?

A highly skilled hacking group known variously as Morpho, Butterfly and Wild Neutron exploited a Java programming vulnerability to penetrate employees' Macs at some major tech companies, including Apple, Facebook, and Twitter.

At that time, it was disclosed that Microsoft had been hacked too, but the company made no reference to its bug tracking database.

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,” the company said on Feb. 22, 2013.

“We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing.”

How is that related to your company?

Treat your bug tracking database as a protected jewel, especially if you are a tech company providing software and/or services to your clients.

Source of this article: Reuters.


Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
