A SECRETIVE INTERNAL DATABASE used by Microsoft to track bugs in its software was compromised by hackers in 2013.
The hack, which is only the second known breach of such a corporate database, was revealed by five ex-Microsoft employees who described it to Reuters in separate interviews. Microsoft, however, has not disclosed the extent of the breach.
The firm reportedly learnt of the breach in early 2013 after a hacking group launched a series of attacks against high profile tech firms including Apple, Twitter and Facebook.
The hacking group in question, known as called Morpho, Butterfly and Wild Neutron by security researchers, is said to have exploited vulnerabilities in Java in order to penetrate employees' Apple (eh?) computers and then company networks.
The five ex-employees said the company's officials became worried once they realised the database, which contained descriptions of critical and unfixed vulnerabilities in Windows, had been accessed. The database had reportedly been poorly protected with only a password needed to enter it.
While Microsoft failed to disclose the breach and had reportedly fixed the flaws "within months of the attack", three of the ex-employees interviewed by Reuters said that the stolen bugs may have been used in attacks following the breach.
"They absolutely discovered that bugs had been taken," one source said. "Whether or not those bugs were in use, I don't think they did a very thorough job of discovering."
Microsoft released a short statement following the attack on 22 February 2013 that said: "As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.
"We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing."
Microsoft tightened up security after the breach, the former employees said, walling the database off from the corporate network and requiring two authentications for access. µ
Crapsicab firm says bug 'isn't particularly severe'
4.15 follows shortly
Lithium-metal batteries are lighter and hold more juice
Loved up... but weighed down with debt