“Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database,” Joseph Menn reports for Reuters. “The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.”
“The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system,” Menn reports. “Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.”
“The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks,” Menn reports. “Microsoft discovered the database breach in early 2013 after a highly skilled hacking group broke into computers at a number of major tech companies, including Apple Inc, Facebook Inc and Twitter Inc.”
“More than a week after stories about the breaches first appeared in 2013, Microsoft published a brief statement that portrayed its own break-in as limited and made no reference to the bug database,” Menn reports. “‘As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,’ the company said on Feb. 22, 2013.”
Read more in the full article here.
MacDailyNews Take: Microsoft is deceitful. Shocker.
The only good news is that anybody trying to use a Windows PC already expects it to be an insecure hackers paradise.
BTW: As we don’t know what was taken in Microsoft’s undisclosed software vulnerabilities database hack, we don’t know if this is related, but Target’s Windows-based terminals were infected with malware in 2013 which resulted in a massive data breach affecting at least 70 million people.
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014
Target debacle: Retailer now says 70 million people hit in massive data breach – January 10, 2014
NY Apple thefts eyed in Target’s nationwide credit breach – December 20, 2013
Target hit by massive credit-card breach – December 19, 2013