Microsoft was hacked in 2013, and they responded quietly, according to five former employees who spoke to Reuters.
The breach involved the company's secret database for internal bugs, which contained information about critical vulnerabilities in some of the world’s most famous software.
The result of the Microsoft hack is literally a jackpot for any government or terrorist spy agency, as it would show them how to build exploits, the tools necessary to break into systems running that software.
Although the news that Microsoft was hacked was kept secret, the company tracked whether the stolen vulnerabilities were used in cyberattacks around the time of the hack. Microsoft also fixed the stolen vulnerabilities within a few months after the attack was detected.
“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
In an email responding to questions from Reuters, Microsoft said: “Our security teams actively monitor cyber threats to help us prioritize and take appropriate action to keep customers protected.”
The Microsoft matter should remind companies to treat accurate bug reports as the “keys to the kingdom,” said Mark Weatherford, who was deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security when Microsoft learned of the breach.
So what happened in 2013?
A highly skilled hacking group known variously as Morpho, Butterfly and Wild Neutron exploited a Java vulnerability to penetrate employees' Macs at some major tech companies, including Apple, Facebook, and Twitter.
At that time, it was disclosed that Microsoft was hacked too, but the company made no reference to its bug tracking database.
“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,” the company said on Feb. 22, 2013.
“We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing.”
How is that related to your company?
Treat your bug tracking database as a protected jewel, especially if you are a tech company providing software and/or services to your clients.
Follow this link for the source of our article: Reuters.