Enlarge / Microsoft in Dublin, Ireland. (credit: Red Agenda / Flickr)
Hackers broke into Microsoft’s secret, internal bug-tracking database and stole information related to vulnerabilities that were exploited in later attacks.

But the software developer never disclosed the breach, Reuters reported, citing former company employees.
In an article published Tuesday, Reuters said Microsoft’s decision not to disclose details came after an internal review concluded the exploits used in later attacks could have been discovered elsewhere.

That investigation relied, in part, on automated reports Microsoft receives when its software crashes.

The problem with that approach, Reuters pointed out, is that advanced computer attacks are written so carefully they rarely cause crashes.
Reuters said Microsoft discovered the database breach in early 2013, after a still-unknown hacking group broke into computers belonging to a raft of companies.

Besides Microsoft, the affected companies included Apple, Facebook, and Twitter.

As reported at the time, the hackers infected a website frequented by software developers with attack code that exploited a zero-day vulnerability in Oracle’s Java software framework. When employees of the targeted companies visited the site, they became infected, too.
Read 5 remaining paragraphs

Leave a Reply