The organization did not disclose the scope of the attack to the people or its consumers after its discovery in 2013, but the five former employees described it to News in separate transcripts. Microsoft refused to discuss the incident.
The database included descriptions of critical and unfixed vulnerabilities in some of the widely used software in the world, including the Windows OS. Spies for governments throughout the globe and other hackers covet such data because it shows them how to design tools for electronic break-ins.
The Microsoft flaws were settled likely within months of the hack, according to the former employees. Yet uttering out for the first time, these former employees, as well as U.S. officials informed of the breach by News, said it frightened them because the hackers could have handled the data at the time to mount attacks elsewhere, casting their reach into government and corporate networks.
“Bad guys with exclusive access to that data would actually have a ‘skeleton key’ for numbers of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
Companies of all lines now are ramping up efforts to locate and fix bugs in their software amid a wave of crippling hacking attacks. Many firms, including Microsoft, pay security researchers and hackers “bounties” for data about defects increasing the flow of bug data and performing efforts to secure the material more urgent than ever.
In an email reply to questions from News, Microsoft said: “Our security teams actively controls cyber threats to help us prioritize and take suitable action to keep customers protected.”
Sometime after hearing of the attack, Microsoft went back and watched at breaches of other organizations around then, the five ex-employees said. It uncovered no evidence that the stolen information had been employed in those breaches.
Take your time to comment on this article.