spiderSilk

Cybersecurity firm spiderSilk found that Microsoft workers uploaded sensitive login credentials to Microsoft's own systems to GitHub.

"We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days"

Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat. SpiderSilk has previously discovered an exposed list of Slack channels belonging to Electronic Arts; the personal information of WeWork customers uploaded by WeWork developers; and that education giant Elsevier exposed users’ passwords.