This is really shoddy reporting. The title says Azure data breach whereas the attack is a phishing campaign targeting Office 365. Being a phishing campaign, it is unclear which components of Azure/Microsoft were instrumental in the attack. And the article goes on to make irrelevant allusions to Microsoft's negligent cybersecurity practices. This is such bad reporting that I wonder whether it is done with incompetence or malfeasance.
Microsoft should be considered a threat to national security, particularly in the US. Their clear disregard for product quality at this point is beyond measure and requires government intervention.
> These links led to phishing websites but the anchor text of these links was “View Document”.
They rated NT 4.0 as secure when it had no network connection.
Someone just tried to hack my paypal but I am banned from buying and selling and have 2fa with my Android phone. Github implemented 2fa on their accounts because sometimes developers forgot to take out passwords and API keys.
https://www.proofpoint.com/us/blog/cloud-security/community-...
being blown out of proportions by a series of obscure news websites exaggerating each other's stories.
Edit: for a real interesting Microsoft security disaster (not exploited in the wild AFAIK) check out ChaosDO by Wiz:
https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...