Microsoft kept quiet on details of 2013 cyber breach: report

A secret, internal database that Microsoft uses to track bugs in its software was compromised by a hacking group more than four years ago, according to five former employees who spoke with Reuters.

Microsoft did not publicly disclose the extent of the breach when it discovered the hack in 2013.

The stolen database reportedly included descriptions of important vulnerabilities that had not yet been fixed.

The former employees said that Microsoft likely fixed the vulnerabilities in the months following the hack; however, they also noted that hackers could have used such information to break into government and corporate computer networks.


Information on vulnerabilities can be valuable to hackers, who can use such databases as guidance on which vulnerabilities they could exploit in the future.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time of the breach, told Reuters.

Following the breach, Microsoft reportedly looked at other breaches that occurred at the time and said it did not find evidence that information from its database had contributed to those cyberattacks.

One of the employees told Reuters that Microsoft had improved its cybersecurity after the breach.

Hackers have taken advantage of stockpiles of cybersecurity flaws in the past. After a National Security Agency database of cybersecurity exploits was breached, hackers used the information to conduct the massive WannaCry cyberattacks that shut down hospitals in the U.K.