According to a report, state-backed Russian hackers compromised cloud servers’ security and infiltrated Microsoft’s system. As a result, the attackers have stolen email addresses from at least one company and other personal information. However, Microsoft was not subjected to this attack.
Microsoft cloud services under attack
Instead, the Russian hackers focused on a Microsoft partner that resells cloud storage services from the tech giant. Given that the attackers have stolen the victims’ Azure credentials, the attacker may soon access other important information, including the organization-level settings.
Considering this, Microsoft has already sent out emails to the companies it thinks may have got infected. It is also worth noting that the tech giant has not revealed whose information was taken from the infected system. The issue has now been patched, but we are unsure about the specific actions taken when the accounts were under hackers’ control.
While the attack isn’t so big, more people and experts are concerned about how a Microsoft partner could let this happen. This is a piece of disturbing news at a time when more companies are making their way to cloud-based storage options from conventional data storage.
Knowing that a Microsoft partner couldn’t protect their servers from Russian hacking attempts raises serious questions about how secure these ‘secure’ cloud storage spaces are. Nevertheless, the company would inevitably pay more attention to the security aspect manipulated to steal information from the servers, bypassing multiple security check layers.
In light of this attack and others in the past, experts suggest a two-way approach to security. Besides keeping everything on the cloud, it makes sense to keep a copy of your information on local storage — just in case.
Well, cloud services aren’t unhackable, as some companies may make you believe. Of course, tech firms like Microsoft offer the best security to your data, but even the best may tremble when there is a well-targeted attack.
Via: Washington Post.