Israeli cyber investigator uncovers Microsoft password leak

A breach in the tech giant's login mechanism meant that over 372,000 usernames and passwords were leaked.

File photo of a Microsoft logo on an office building in New York (photo credit: MIKE SEGAR / REUTERS)
File photo of a Microsoft logo on an office building in New York
(photo credit: MIKE SEGAR / REUTERS)

An Israeli cyber investigator has discovered a breach in tech giant Microsoft's software that allowed for a leak of over 372,000 usernames and passwords, cybersecurity company Guardicore announced on Wednesday.

Amit Serper, a Guardicore Labs investigator who previously worked as a cyber investigator at the Prime Minister's Office, discovered a breach in Microsoft's login mechanism.

According to Guardicore Labs' team of cyber investigators, the mechanism automatically sent usernames and passwords to network domains.

Using this finding, the team bought several domain names as well as over 372,000 usernames and passwords of Microsoft clients were subsequently sent to these domains.

Hundreds of thousands of accounts connected to Microsoft products such as Outlook could be hacked into using this breach in Microsoft's mechanism.

Guardicore noted this incident exhibited how passwords can leak out of any company unnoticed.

 Amit Serper of Guardicore. (credit: JEN ROSENTHAL)
Amit Serper of Guardicore. (credit: JEN ROSENTHAL)

Serper gained international recognition after becoming the first cyber investigator to discover a code that nullified the 2017 NotPetya encrypting malware cyberattack.