cyber Vulnerability

Microsoft

Oct 4, 2023 1 min read
Microsoft

The database that drives m.careersatmicrosoft.com was handled by a mobile web development company that Microsoft relied on, and it was accessible without any authentication for a few weeks.

All signs pointed to the database, which was a MongoDB instance, not being write-protected.

Therefore, an attacker may have altered the database and, as a result, the HTML code of the job listing pages throughout the disclosed time period.

Everything was secured once Chris Vickery informed Punchkick and Microsoft of the issue.

Source: https://www.google.com/url?q=https://mackeeper.com/blog/data-breach-reports-2016/&sa=D&source=editors&ust=1692574512936339&usg=AOvVaw2NDboSg8LTeHnoIGtNIASb

"id": "MIC41021823",
"linkid": "microsoft",
"type": "Data Leak",
"date": "02/2016",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.