Microsoft was breached in 2013 but kept quiet


To create a hacking tool, one must first know which flaws to exploit. And what better way to learn about exploitable flaws in the Windows operating system than to ask Microsoft itself? 

Reports from Reuters have claimed that Microsoft was breached four years ago, with five former employees confirming that a security issue took place, but was hushed up.

The flaws were fixed in the months following the breach, it was said. Microsoft investigated the matter, and came to the conclusion that the flaws that were revealed in the hack, were not used for breaches.

Two current employees said the company still stands by that assessment. Three of the former employees believe the investigation didn't unearth enough data to be decisive.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.

Microsoft itself didn't want to discuss the matter, and in an email responding to questions from Reuters, said: “Our security teams actively monitor cyber threats to help us prioritise and take appropriate action to keep customers protected.”

Reuters' full report can be found on this link.

Image Credit: StockStudio / Shutterstock