
Microsoft employee discovered ‘backdoor’ in open source software that could have impacted millions
The Hindu
Andres Freund, who works at Microsoft, explored the XZ Utils software when he felt it was not working as expected.
A Microsoft employee who decided to investigate after he noticed some software acting strangely has been credited with preventing a major cybersecurity breach that could have impacted millions of servers.
Andres Freund, a German software developer, was using the open source XZ Utils software program when he noticed that secure shell (SSH) logins were failing and using a lot of CPU power, he said on X last month. He then noticed slower logins as well.
XZ was maintained by Lasse Collin, who seemed to be struggling with poor mental health and confirmed a partnership with an entity named Jia Tan in 2022 and 2023, according to Reuters. However, Tan is believed to have created an opening for exploits, or a ‘backdoor’, in XZ that could have widely affected all those using the latest version of the program, per the outlet.
It is not yet confirmed whether the cyber-attack was backed by a nation-state or non-state actors, as officials are still studying the incident.
The discovery won Freund praise from his employer, as well as the tech community at large.
“Love seeing how @AndresFreundTec, with his curiosity and craftsmanship, was able to help us all. Security is a team sport, and this is the culture we need everywhere,” posted Microsoft chief Satya Nadella on X on April 1.