October 17, 2017 by

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a report has revealed.

Microsoft’s internal bug database is a secretive stash of security flaws and exploits in its software, which the company uses to track and record vulnerabilities. According to five former employees who spoke to Reuters, a highly sophisticated hacking group breached the database over four years ago, in 2013.

The former employees spoke to Reuters about the incident. Microsoft discovered the breach soon afterward but never disclosed it to the public or its customers.

‘The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system,’ the Reuters report read. ‘Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.’

According to the employees, Microsoft fixed the flaws within months of the hack. Still, the breach could yet have repercussions as U.S. officials – now informed of the breach – are concerned about the ways in which the sophisticated group of hackers could have used the intel to carry out attacks elsewhere, on individuals, corporations and government networks alike.

The group has been variously called Morpho, Butterfly and Wild Neutron, and has broken into other major tech giants including Apple, Facebook and Twitter. It is not yet known whether the group is sponsored by a state, but the discreet group remains one of the most proficient and mysterious hacking groups out there.

Microsoft looked at breaches of other organizations soon after learning of the attack and found no credible evidence that the stolen information was used to exploit companies suffering those breaches, according to the former employees. While two employees steadfastly stand by the assessment, three insist that the study done by Microsoft had too little data to be conclusive.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said U.S. deputy assistant secretary of defense for cyber Eric Rosenbach.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.