Over four years ago, Microsoft's internal database for bug tracking was apparently breached by hackers. It was discovered in 2013 but never disclosed to the public, according to five former employees of the company who spoke with Reuters.
This is a serious issue because of exactly what was hacked. Microsoft's internal bug database contains secret security flaws and possible exploits in its widely used software that need to be fixed. With this information, hackers and foreign governments had a road map for breaching vulnerable systems.
Microsoft was able to fix the stolen vulnerabilities within a few months after the hack was detected. The company also checked whether the leaked information had been used in other breaches around that same time, before it was able to patch the flaws. It was unable to link its internal hack to any other breaches.
According to the former employees, Microsoft has since put more of an emphasis on internal security. Still, the fact that Microsoft didn't disclose that the breach occurred isn't a great move. It's not hard to follow the company's line of thinking: publicizing the breach might encourage the group responsible to exploit these vulnerabilities more quickly, because it would know that the breach had been noticed and that an eventual fix for these issues was coming. But the fact remains that computer systems around the world were even more vulnerable than usual because of a security breach. Had it been made public, organizations could have taken preventive measures to ensure their security.