Back in 2013, Microsoft suffered a rather critical security breach. The company’s internal bug reporting database was compromised, giving those who hacked into it access to a list of unresolved bugs and vulnerabilities within Windows. That’s worrying enough on its own, but then comes the realization that Microsoft actually kept details of the breach from the public.
So reports Reuters, which spoke to five former Microsoft employees who had knowledge of the breach. Obviously, the fact that those hackers gained access to that bug database turns this into a critical event, as they then know what kind of vulnerabilities exist in the Windows ecosystem. With that information, a skilled group of hackers could potentially do a lot of damage.
When asked by Reuters, Microsoft didn’t confirm that such a breach ever happened. The former employees claimed that those flaws were fixed within months, and that Microsoft examined breaches from other companies following its own attack to figure out if those stolen vulnerabilities played a part. Microsoft apparently found no evidence that this breach contributed to attacks elsewhere.
It’s worth noting that only two of those former employees agreed with Microsoft’s fallout assessment when asked by Reuters, while the other three said that Microsoft didn’t look deep enough when it was trying to determine if other companies were affected by this breach. In any case, that database was made more secure following the breach, which, if nothing else, serves as a little comfort in the grand scheme of things.
Still, it’s troubling that Microsoft never reported this attack to the public. It’s not hard to see Microsoft’s line of thinking: it didn’t want to let people know that these vulnerabilities were out in the open, which could have spurred the hackers who took them to actually put them to use before they were patched. Even so, if Microsoft had alerted the public, companies and consumers could have taken their security into their own hands, taking preventative measures while Microsoft worked to close the vulnerabilities that were stolen.
So, while it’s somewhat easy to see why Microsoft would hesitate to share this information publicly, it still probably wasn’t the best move. What do you think? Should Microsoft have kept this secret, or should it have gone public with the details of its breach?