
Microsoft

Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. Initially, described the hack as a mere “incident” and denied any theft, but clarified the situation a few days later and reimbursed the affected users.

Cryptocurrency is big business, so it’s no wonder that was subjected to a serious breach at the start of 2022. The attack took place on January 17th, and targeted nearly 500 people’s cryptocurrency wallets. Despite the blockchain being a relatively secure transaction method, the thieves used a pretty simple method to get the job done: they circumvented the site’s two-factor authentication (2FA). They stole $18 million of Bitcoin and $15 million of Ethereum.

In a statement gathered by Engadget, Microsoft said, "Our products provide customers flexibility and privacy features to design scalable solutions that meet a wide variety of needs. We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs."

The research foundation blasted the alibi given by the company, which called the anomaly a part of the design and left it to the end user to configure. The firm said, "It is a better resolution to change the product in response to observed user behaviors than to label systemic loss of data confidentiality an end user mis-configuration, allowing the problem to persist and exposing end users to the cybersecurity risk of a data breach."

"While we understand (and agree with) Microsoft's position that the issue here is not strictly a software vulnerability, it is a platform issue that requires code changes to the product, and thus should go in the same workstream as vulnerabilities," said the researchers.
(RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps software. The data included employee information, Covid-related personal information, and the email IDs and phone numbers of millions of individuals, making it one of the largest possible data leaks in recent history.

Research team UpGuard said, "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses."

Forty-seven different agencies were affected by the breach, which has since been rectified by the tech giant. The information contained 332,000 emails and employee IDs used by Microsoft's payroll services and almost 85,000 records of other individuals. 39,000 emails registered with Microsoft Mixed Reality were also exposed. Microsoft Mixed Reality, a software that allows businesses and individuals to build personalized simple software with the help of pre-installed templates, was used by a gamut of huge companies like American Airlines, Ford and J.B. Hunt. Government entities in Indiana, New York City and Maryland were also discovered in the list of leaked organizations by the firm.

"Power Apps portals have options built in for sharing data, but they also have built in data types that are inherently sensitive. In cases like registration pages for COVID-19 vaccinations, there are data types that should be public, like the locations of vaccination sites and available appointment times, and sensitive data that should be private, like the personally identifying information of the people being vaccinated," said the firm.

According to the researchers, they had warned the company of the discrepancy back on June 24, but the company refused to pay heed.
