Microsoft

Website credentials of various users got leaked via an overlooked field named DS_STORE file that belongs to Microsoft Vancouver.

The exposed WordPress credentials could be used by the attackers to exploit the Microsoft Vancouver website, or they could also use the Microsoft domain to stage phishing campaigns.

Public access to the DS_STORE file was soon disabled and no sensitive data was further leaked after the file was secured.

Source: https://securityaffairs.co/wordpress/125420/data-breach/microsoft-vancouver-data-leak.html

"id": "MIC133111221",
"linkid": "microsoft",
"type": "Breach",
"date": "12/2021",
"severity": "45",
"impact": "4",
"explanation": "attack with signifiant impact with customers data leaks."