Microsoft
The database that drives m.careersatmicrosoft.com was handled by a mobile web development company that Microsoft relied on, and it was accessible without any authentication for a few weeks.
All signs pointed to the database, which was a MongoDB instance, not being write-protected.
Therefore, an attacker may have altered the database and, as a result, the HTML code of the job listing pages throughout the disclosed time period.
Everything was secured once Chris Vickery informed Punchkick and Microsoft of the issue.
"id": "MIC41021823",
"linkid": "microsoft",
"type": "Data Leak",
"date": "02/2016",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"