Microsoft Quietly Responded after Secret Database Hack in 2013

According to five former employees of the software firm, Microsoft Corp's secret internal database for tracking bugs and errors in its own software was compromised. More than four years ago, a sophisticated hacking group broke into the corporate database, which is the second known breach of its kind. The company did not disclose the extent of the attack to its customers or the public after discovering it in 2013, but the five employees described it in detail. The database contained descriptions of critical, unfixed vulnerabilities in some of the most widely used software in the world, such as the Windows operating system.

Such information is coveted by spies for governments all over the world because it enables them to make tools for conducting electronic break-ins. The former employees said that within months of the hack, Microsoft fixed the flaws in their software. Yet, the US officials informed of this hack were alarmed because the data could have been used by hackers at that time for mounting attacks elsewhere, which would have provided them access to corporate and government networks. At that time, the US deputy assistant secretary of defense for cyber was Eric Rosenbach.

He said that hackers accessing that information would have a key to hundreds of millions of computers all over the world. After a wave of damaging attacks and breaches, companies of all kinds have now increased their efforts to locate and fix bugs that exist in their software. A number of companies, including Microsoft, pay hackers and security researchers ‘bounties’ for information about flaws in their systems. This increases the flow of bug-related data and makes the effort of securing that material quite urgent. Microsoft didn’t discuss the incident and said only that its security teams are constantly working to analyze possible cyber threats and take the necessary actions to protect customers.

The five ex-employees of the software giant stated that after the company discovered the attack, it looked at breaches happening in other organizations and found no evidence that the stolen information had been used in those incidents. Two current employees of the firm said that this assessment is accurate, but three of the former employees said that minimal data was studied to reach this conclusion. After the breach, Microsoft tightened its security: the database was walled off from the corporate network.

In addition, two authentications were required to gain access. This year, the danger posed by information on security vulnerabilities in software has been publicly debated. This was because a stockpile of hacking tools was stolen from the National Security Agency, then published and used to carry out the ‘WannaCry’ attacks against UK facilities and hospitals. Only one breach of a big database at a software firm has been disclosed, and that was in 2015 by the Mozilla Foundation, creator of the Firefox web browser.
