An internal database used by developers at Microsoft to track bugs and potential security flaws in the Windows operating system was compromised by hackers in 2013, in an attack that Microsoft is accused of having covered up.
The hack, which is only the second known breach of such a corporate database, was revealed by five ex-Microsoft employees, who described it to newswire Reuters in separate interviews. Microsoft, however, has not disclosed the extent of the breach.
The company reportedly learnt of the breach in early 2013 after a hacking group launched a series of attacks against high-profile tech firms, including Apple, Twitter and Facebook.
The hacking group in question, known as called Morpho, Butterfly and Wild Neutron by security researchers, is said to have exploited vulnerabilities in Java in order to penetrate employees' Apple computers and then company networks.
The five ex-employees said the company's officials became concerned once they realised that the database, which contained descriptions of critical and unfixed vulnerabilities in Windows, had been accessed. The database had reportedly been poorly protected with only a password required to access it.
While Microsoft failed to disclose the breach and had reportedly fixed the flaws "within months of the attack", three of the ex-employees interviewed by Reuters said that the stolen bugs may have been used in attacks following the breach.
"They absolutely discovered that bugs had been taken," one source said. "Whether or not those bugs were in use, I don't think they did a very thorough job of discovering."
Microsoft released a terse statement following the attack on 22 February 2013. It said: "As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.
"We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing."
Microsoft tightened up security after the breach, the former employees said, walling the database off from the corporate network and requiring two-factor authentication for access.
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert