10,000 Microsoft internal email addresses and communication information were leaked.
A security researcher recently discovered an unsecured instance that allowed access to a large amount of sensitive internal data, including employee email addresses, support ticket records, and attachments. The researcher, writing under a pseudonym, used a tool called , which is a search engine specifically designed to track data breaches involving "information stealers."
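An information stealer is a type of malware that collects credentials and sensitive information from infected systems.
Image: WhiteIntel search engine interface
Information stealers typically harvest saved login details from browsers on unprotected personal devices, which company employees may use to access corporate infrastructure. When Moblig searched for instances tied to Microsoft domains, the tool found a compromised credential. That credential could be used to access Microsoft's ServiceNow instance.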
The platform manages various internal functions, including human resources processes, employee onboarding, and support ticket handling. In this case, the stolen credentials provided a gateway to the system because the legacy login options remained active (possibly for third-party access). Logging in through that legacy path circumvented the system's Single Sign-On (SSO) requirement.
After logging in, the user browsed the documentation of and successfully retrieved data from a specific endpoint. Through this, researchers discovered: over employee email addresses and detailed personal information. Sensitive support ticket attachments contained onboarding details, internal support communications, and incident reports.
These findings were reported to the Microsoft Security Response Center () on [Year] [Month] [Day]. After investigating the vulnerability, Microsoft confirmed that a fix had been implemented prior to [Year] [Month] [Day]. It is noted that, although this disclosure could significantly enhance security, Microsoft did not offer any monetary rewards.
Like many large enterprises, Microsoft relies on internal management and detection response systems, but as this report highlights, employee use of personal devices remains a significant security vulnerability. While the individuals involved in this case took responsible actions and reported their findings to Microsoft, it is not unreasonable to assume that others before them did not take the same approach, especially considering the relatively simple process of discovering exposed instances.
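The legacy login path described above is something a defender can watch for in authentication logs. The following is an added example, not code from the researcher or from Microsoft: it flags successful non-SSO logins by accounts that are not approved to use the legacy form. The log schema, field names, accounts and addresses are constructed for illustration, and events are assumed to be in chronological order.

```python
import json

# Constructed sample authentication events. The field names (ts, user, method,
# result, src_ip) are hypothetical, not the log schema of any real product.
SAMPLE_LOG = """\
{"ts":"2024-05-01T08:00:00Z","user":"alice@corp.example","method":"sso","result":"success","src_ip":"198.51.100.7"}
{"ts":"2024-05-01T08:05:00Z","user":"vendor-sync@partner.example","method":"local","result":"success","src_ip":"192.0.2.40"}
{"ts":"2024-05-01T09:12:00Z","user":"bob@corp.example","method":"sso","result":"success","src_ip":"198.51.100.9"}
{"ts":"2024-05-02T02:31:00Z","user":"bob@corp.example","method":"local","result":"failure","src_ip":"203.0.113.66"}
{"ts":"2024-05-02T02:33:00Z","user":"bob@corp.example","method":"local","result":"success","src_ip":"203.0.113.66"}
{"ts":"2024-05-02T10:00:00Z","user":"alice@corp.example","method":"local","result":"success","src_ip":"198.51.100.7"}
not-json garbage line
"""

# Accounts approved to keep using the legacy (non-SSO) login form,
# for example a third-party integration. Constructed value.
LOCAL_LOGIN_ALLOWLIST = {"vendor-sync@partner.example"}


def find_sso_bypass(log_text, allowlist=LOCAL_LOGIN_ALLOWLIST):
    """Flag successful legacy-form logins by accounts that should use SSO."""
    sso_ips = {}   # user -> source IPs already seen on successful SSO logins
    findings = []
    skipped = 0    # unparseable lines are counted, not silently dropped
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            user, method = ev["user"].lower(), ev["method"]
            ok, ip, ts = ev["result"] == "success", ev["src_ip"], ev["ts"]
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1
            continue
        if not ok:
            continue
        if method == "sso":
            sso_ips.setdefault(user, set()).add(ip)
        elif method == "local" and user not in allowlist:
            # Heuristic: a source IP never seen on this user's SSO logins
            # rates higher than a known one (user taking the old path).
            known = ip in sso_ips.get(user, set())
            findings.append({"ts": ts, "user": user, "src_ip": ip,
                             "severity": "medium" if known else "high"})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_sso_bypass(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("unparseable lines:", bad)
```

Detection of this kind complements, rather than replaces, disabling the legacy login form for every account that does not need it.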