Internal Microsoft security bug database got hacked in 2013

Five former Microsoft employees revealed to Reuters that the software giant was the victim of a targeted attack by a highly sophisticated hacking group in 2013. The attackers breached an internal database that contained information about critical and unfixed vulnerabilities in Microsoft software.

Microsoft kept the incident secret and it's only the second known breach of such a corporate database. The flaws that were the subject of the attack were reportedly fixed within months of the hack. Full details can be read at Reuters.

The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.

Microsoft refuses to discuss the incident.