Perspective from our Fausto Oliveira, principal security architect
At least one researcher questioned the security and privacy protections that Microsoft had in place.
“This incident shows some concerning issues with the way data security was handled,” Fausto Oliveira, principal security architect at Acceptto, told Threatpost. “These are the more worrying facts that arise from this incident: Access to the data was not protected using (at least) username and passwords, although for this level of confidentiality I would expect it to be protected using multifactor authentication; not all data was encrypted; data about a customer is being retained well past what I would think reasonable — 14 years’ worth of support data strikes as beyond a sensible data retention interval; from the disclosure, the threat surface was exposed for 25 days, although Microsoft found no evidence of malicious use, it is quite a long interval of exposure; and poor governance. If the correct policies and processes where enforced effectively, this type of event should be near impossible to occur.”
Read the full article at threatpost website.