A cybersecurity firm found that Microsoft workers uploaded sensitive login credentials to Microsoft's own systems to GitHub.