Microsoft Corporation has found itself in privacy scandal, much like most tech giants right now.
According to former employees of Microsoft, the company’s database containing sensitive data had been hacked back in 2013 – Microsoft never disclosed this to the public or its customers.
Its been more than four years since some highly sophisticated hackers broke into Microsoft’s database – the company holds critical data of software and companies throughout the world – the data they are supposed to protect. It would have been a serious blow to Microsoft if they had disclosed this back then.
Contents of the Database
The five former employees said that the database contained descriptions of untended bugs and vulnerabilities in software used widely in the world – including the Microsoft Windows Operating System, the OS installed on almost every computer in the world.
Hackers and spies working for governments yearn for such data so they can exploit the weaknesses in the software more easily and get the upper-hand while doing an electronic breach in a system. The data basically presents them with a way to create tools to hack into the software.
How it Happened
Ironically, a hacker group exploited a flaw in the Java programming language to penetrate Microsoft employees’ Apple Macintosh computers and then moved to company networks, gaining access to a database of of critical and unfixed vulnerabilities in Microsoft software, including Windows.
The attack happened around the same time a wave of attacks was witnessed by other companies such as Apple, Facebook and Twitter, and Microsoft at the time only released a toned down statement saying:
“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,” (Feb. 22, 2013).
Flaws Fixed in a Month
The flaws described in the stolen database had been fixed a month after the breach. US officials and Microsoft were alarmed and tended to it as fast as they could because any hackers could have used the data to break into high-level and critical systems such as government institutes and corporate networks.
Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time, said,
Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world.