The database that drives m.careersatmicrosoft.com was handled by a mobile web development company that Microsoft relied on, and it was accessible without any authentication for a few weeks.
All signs indicated that the database, a MongoDB instance, was not write-protected.
An attacker could therefore have altered the database and, as a result, the HTML code of the job listing pages during the exposure period.
Everything was secured once Chris Vickery informed Punchkick and Microsoft of the issue.
TPRM report: https://scoringcyber.rankiteo.com/company/microsoft
{
  "id": "mic41021823",
  "linkid": "microsoft",
  "type": "Data Leak",
  "date": "02/2016",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Microsoft',
                        'type': 'Corporation'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'type_of_data_compromised': 'Job listing data'},
 'description': 'The database driving m.careersatmicrosoft.com, handled by a '
                'mobile web development company, was accessible without '
                'authentication for a few weeks. The MongoDB instance was not '
                'write-protected, allowing potential alterations to the '
                'database and HTML code of job listing pages. The issue was '
                'secured after notification by Chris Vickery.',
 'impact': {'data_compromised': 'Job listing data',
            'systems_affected': 'MongoDB database'},
 'post_incident_analysis': {'root_causes': 'Lack of authentication and '
                                           'write-protection'},
 'response': {'containment_measures': 'Secured the database',
              'third_party_assistance': ['Chris Vickery']},
 'title': 'Unsecured Database Exposure at Microsoft Careers Site',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of Authentication'}