Seems to be this Proofpoint blogpost about a phishing campaign:<p><a href="https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments" rel="nofollow">https://www.proofpoint.com/us/blog/cloud-security/community-...</a><p>being blown out of proportions by a series of obscure news websites exaggerating each other's stories.<p>Edit: for a real interesting Microsoft security disaster (not exploited in the wild AFAIK) check out ChaosDO by Wiz:<p><a href="https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough" rel="nofollow">https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...</a>
This is really shoddy reporting. The title says Azure data breach whereas the attack is a phishing campaign targeting Office 365. Being a phishing campaign, it is unclear which components of Azure/Microsoft were instrumental in the attack. And the article goes on to make irrelevant allusions to Microsoft's negligent cybersecurity practices. This is such bad reporting that I wonder whether it is done with incompetence or malfeasance.
Microsoft should be considered a threat to national security, particularly in the US. Their clear disregard for product quality at this point is beyond measure and requires government intervention.<p>> These links led to phishing websites but the anchor text of these links was “View Document”.<p>Fucking noobs.