Skip to content
Blog

Insider Threat Slips Through Microsoft Systems as Employees Expose Login Credentials on GitHub

Ouch. This one has to hurt.

Last week, a cybersecurity firm found that Microsoft employees uploaded login credentials to Microsoft’s own systems to GitHub. Yes, you read that correctly. According to a recent article, “Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company’s own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems.”  

While exposed creds by an insider is bad news for any organization – Insider Risk is a real problem for every organization. Even for companies who sell products designed to curtail Insider Risk like Microsoft and McAfee and, yes, Code42. We’ve had our own share of incidents at Code42 of employees attempting to exfiltrate customer lists and confidential personnel data.  

What’s remarkable about this breach is that Microsoft didn’t catch these issues with their own Insider Risk technology. Among the numerous product offerings, Microsoft Purview Insider Risk Management is a “compliance solution that helps minimize internal risks by enabling you to detect, investigate, and act on malicious or inadvertent activities in your organization.” Or does it?

Outside researchers discovered the Microsoft breach. To be honest, we aren’t that surprised. Microsoft’s tech is a mish-mash of different applications that need to be strung together and carefully maintained in order to detect data moving to untrusted locations. It’s no wonder that their own security team (which is massive, BTW) struggles to keep the system tuned and effective. But, it begs the question: if Microsoft can’t manage their own tech well enough to spot Insider Risk, could you?

Insider Risk Management. Done Right. 

At Code42 we built our tech from the ground up as one cohesive system. It is easy to deploy, and it integrates with OneDrive, GDrive, Salesforce, Git, and dozens of other applications so that you know where your data is moving at all times. Our tech won’t stop employees from doing risky things, but it will identify those risky behaviors and score them appropriately so you can take action. This is why most security companies use Code42 to manage the problem of Insider Risk. 

Sure, we are not immune from Insider Risk incidents at Code42. But at least when we have incidents, it was our technology that discovered them.

Incydr’s Approach

Respond confidently to data theft before damage is done

Incydr, a data protection solution, allows security teams to detect data theft by monitoring cloud & endpoint exfiltration, and accurately tailor responses to each offense. Let’s work together to protect IP without disrupting users or causing more work for your security team.

Discover Incydr

You might also like: