Microsoft's Russian breach teaching: activate multi-factor authentication (MFA) ASAP

Microsoft confirmed today that unauthorized actors gained access to a limited number of internal email accounts, including those of some executives and employees. The company attributed the breach to a compromised legacy test account that lacked multi-factor authentication (MFA) safeguards.

According to Microsoft’s official statement, the incident involved a technique known as password spraying, where attackers attempt multiple password combinations on a specific account. 

The actors gained a foothold within the company’s network by exploiting a legacy test account without MFA enabled. They subsequently compromised an OAuth application, granting them access to several employee email accounts.

Microsoft detected the unauthorized access on January 12, 2024, and immediately took steps to contain the breach and remediate the vulnerability. The company confirmed that the compromised accounts belonged to a “very small percentage” of its employee base. The nature and extent of the accessed data remain under investigation.

In response to the incident, Microsoft emphasized its commitment to strengthening its security posture. The company announced plans to accelerate the rollout of MFA across all accounts, including legacy systems, and to conduct a comprehensive review of its security protocols.

The incident has raised concerns about cybersecurity practices within the tech industry, particularly the importance of implementing robust authentication measures like MFA.

More here.