Microsoft error could open the door to the most damaging phishing scam to date

A Desktop Service Store (DS_STORE) file was left sitting on a publicly accessible web server belonging to Microsoft Vancouver in a significant security failing for the company, reports have claimed.

Had the file fallen into the hands of malicious actors, it could have been used for cyberattacks or malware distribution all over the web, as it stores metadata leading to WordPress database dumps, administrator usernames and email addresses, as well as hashed passwords for the Microsoft Vancouver website.

Source link