data breach by the Lapsus$ group . For this reason, if you are a user of Microsoft products, it is important to know about the timing of Microsoft data breaches .
Contents hide
March 1 , 2022 - hacked by Lapsus$ group
August 2, 2021 - Incorrect configuration in Power Apps
August 3 , 2021 - Microsoft Azure Databases and Customer Accounts Leaked
April 4 , 2021 - Data of 500 million LinkedIn users was scraped and sold
January 5, 2021 - Over 60,000 hacks caused by vulnerability in Microsoft Exchange Server
December 6 , 2020 — Malicious Updates Target Microsoft and SolarWinds Customers
December 7 , 2019 - Over 250 Million Customer Records Exposed
April 8 , 2019 - Support agent credentials were compromised
November 9, 2016 - Skype accounts hacked to send spam messages
May 10 , 2016 - Over 33 Million Hotmail Accounts Up for Sale
October 11 , 2013 - Microsoft's internal bug tracking database was hacked
March 12 , 2013 - 3,000 Xbox Users' Credentials Exposed
June 13 , 2012 - Malware sent to computers under the guise of a Microsoft update
14 From 2011 to 2013, Xbox Underground repeatedly hacked Microsoft
December 15 , 2010 - Microsoft BPOS Data Leak
January 16, 2010 - Zero-day flaw in Microsoft Internet Explorer leads to hacking of major US companies
17 Ways to Avoid a Security Breach
17.1 Related publications:
March 2022 - hacked by Lapsus$ group
On March 20, 2022, the Lapsus$ group shared a picture on their Telegram channel , showing that they had hacked Microsoft. The picture concerned Azure DevOps, a collaboration software launched by Microsoft. The group said that Cortana, Bing, and other projects had been compromised as a result of the hack. However, on March 22 , 2022, Microsoft released a statement confirming that the attack had occurred . The statement also said that no customer data had been compromised. According to the company , the description shows that only one account had been hacked , but the security team was able to stop the attack before the hacking group could get deep into Microsoft accounts . As for Lapsus$, they hacked the accounts for financial reasons, and there was nothing political about it.
August 2021 - Incorrect Configuration in Power Apps
Misconfiguration of Microsoft Power apps resulted in a huge data breach as the portal settings were incorrect. According to the company, around 38 million records were exposed when over 47 companies stored their data on public platforms. These companies included Ford Motors, New York MTA, and American Airlines, so the format and nature of the data varied. For example, some data was related to employee information, while information on COVID-19 testing, vaccination, and tracing was also leaked. However, sensitive and personal information such as social security numbers, demographic information, address, full names, and dates of birth were leaked. This Microsoft data breach was discovered by UpGuard, which is a well-known cybersecurity firm . It is not known whether the hackers accessed the information before the companies fixed the data breach. The misconfiguration was caused by third-party companies and is not Microsoft’s fault. However, Microsoft has published documentation to prevent public access to the data, but the public feels that the technical documentation is not enough.
August 2021 - Microsoft Azure Databases and Customer Accounts Leaked
According to Wiz security researchers, they were able to gain access to a Microsoft Azure customer database and accounts back in August 2021. Specifically, the data included records from various Fortune 500 companies. According to Wiz, they were only investigating the system and found vulnerabilities in the Azure database. Through these vulnerabilities, the researchers were able to gain full access to data such as customer account data and an array of databases . However, it is unknown whether third parties other than Wiz researchers had access to this data. Microsoft is entirely to blame for this data leak, as flaws in Cosmos DB led to a backdoor that allowed access to the database. In addition, the researchers were able to delete, modify, and download information stored in the database.
April 2021 - Data of 500 million LinkedIn users was scraped and sold
Another Microsoft data breach involved scraping and selling LinkedIn data from more than 500 million users. Specifically, the personal details of this account were put up for sale on a hacking forum in April 2021. The data was scraped from publicly available data on LinkedIn, which included contact numbers and email addresses, a spokesperson told Business Insider .
]
January 2021 - Over 60,000 breaches caused by Microsoft Exchange Server vulnerability
This is one of the largest security breaches with over 60,000 attempts to hack Microsoft Exchange servers - these hacking attempts disrupted the operations of over 30,000 US companies and 60,000 global companies. This Microsoft data breach was discovered in January 2021 when a security researcher found some irregular activities on the Microsoft Exchange Server. Specifically, someone was downloading emails on the server and when an investigation was conducted, more requests were received to access sensitive files and emails. Four zero-day vulnerabilities provided unauthorized access to data and allowed outsiders to access system backdoors, hack servers, and organize malware attacks . Microsoft quickly patched the vulnerable parts of the system, but the security of the system depended on the server owners. This is because if the appropriate updates are not applied , the hacking problem will remain the same, leading to more hacking attempts. The reports did not specify the total damage caused by the Microsoft data breach, but the Biden administration blamed China, as some of the attacks originated from Hafnium, China.
December 2020 - Malicious Updates Target Microsoft and SolarWinds Customers
