Microsoft, one of the most well known technology companies in the world, recently came under fire from security researchers and the public alike for what some describe as “grossly irresponsible” security practices. This criticism follows reports of multiple data breaches which have allowed hackers to gain access to sensitive customer information stored by Microsoft.
In early 2020, Microsoft announced that hackers had access to user email accounts and Windows Linux systems for at least two months before the company was notified. The hackers took advantage of a vulnerability in the Azure AD Connect synchronisation tool which enabled them to bypass multi-factor authentication. This allowed them to view account details, including emails and passwords. Microsoft said it had “not seen any evidence that the attacks resulted in access to other areas of customers’ Microsoft accounts”, but the incident still raised serious questions about its security practices.
Since then, Microsoft has come under fire from security researchers for failing to act quickly and responsibly when it comes to security issues. According to reports, Microsoft was alerted of the vulnerability months before the breach occurred, yet it failed to patch the vulnerability or notify customers in a timely manner. Microsoft’s slow response has caused some to accuse the company of “grossly irresponsible” security practices.
The situation has been further compounded by some reports that Microsoft has been using customer data for targeted advertising. Research by The Guardian revealed that Microsoft’s software was harvesting customer data from its services, such as Outlook and Bing, in order to target users with ads. Microsoft has since then said that it is “committed to protecting user privacy” but the incident still highlights the company’s lack of data security.
The criticism against Microsoft illustrates the dangers of inadequate security practices, and the need for companies to take steps to ensure customer data is secure. Microsoft in particular has been heavily criticised for its lack of responsibility when it comes to protecting the data of its customers. It remains to be seen if the company will take steps to address its security issues and ensure that customer data is kept safe.
