The Target: Microsoft, one of the world’s leading computer hardware and software companies.
The Take: Exposure of Personally Identifiable Information belonging to over 65,000 business entities. The data included: names, email addresses, email content, company name, phone numbers, Statement of Work documents, product offers, and more.
The Vector: A misconfigured Microsoft server was accessible over the internet to anyone with a connection.
This breach is a stark reminder that authentication controls are a critical piece in an overall robust cybersecurity posture, including maintaining correct access configurations. In addition, multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches to protect a firm’s data.