Microsoft

The database that drives m.careersatmicrosoft.com was handled by a mobile web development company that Microsoft relied on, and it was accessible without any authentication for a few weeks.

All signs pointed to the database, which was a MongoDB instance, not being write-protected.

Therefore, an attacker may have altered the database and, as a result, the HTML code of the job listing pages throughout the disclosed time period.

Everything was secured once Chris Vickery informed Punchkick and Microsoft of the issue.

Source: https://www.google.com/url?q=https://mackeeper.com/blog/data-breach-reports-2016/&sa=D&source=editors&ust=1692574512936339&usg=AOvVaw2NDboSg8LTeHnoIGtNIASb

"id": "MIC41021823",
"linkid": "microsoft",
"type": "Data Leak",
"date": "02/2016",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"