Aether (aether@poa.st)'s status on Saturday, 27-Jan-2024 22:36:46 JST

Microsoft accidentally granted global admin privileges to a random legacy test account.
arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/
Which then got hacked by Russia.
Granting the hackers read access to every Office 365 account in the world.
From the comments at Ars Technica:
>To summarize the fuckups:
>1. Created test tenant with access to prod data
>2. Created test account with weak password
>3. Made test account accessible from internet
>4. Never enabled 2FA on test account
>5. Gave test account admin role
>6. Did not monitor for slow password sprays (a known technique)
>7. Failed to disable test account at end of testing
>8. Failed to monitor for unused/test accounts in production environment
>9. Did not monitor executives' accounts for surreptitious access
>10. Did not monitor internal test account (that apparently hadn't been accessed in years) for "unusual login activity"
>Did I miss anything? By my count, that's ten fuckups. It's kind of impressive!
Genuinely useful comments at Ars Technica? What is the world coming to?
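Items 6 and 10 in the quoted list (slow password sprays, and sign-ins to a long-dormant test account) are both detectable from ordinary sign-in logs. The following is an added example, not from the post or from Microsoft's tooling; it runs over constructed sample events whose fields are assumed to be timestamp, account, source IP and a success flag:

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, account, source_ip, success).
# Not real telemetry. Shaped like a slow spray: one source tries many accounts,
# at most two guesses each, hours apart, then succeeds against a dormant test
# account. A second source hammers one account, which a lockout would catch.
SAMPLE_EVENTS = [
    ("2024-01-10T01:00:00", "alice", "203.0.113.7", False),
    ("2024-01-10T03:10:00", "bob", "203.0.113.7", False),
    ("2024-01-10T05:20:00", "carol", "203.0.113.7", False),
    ("2024-01-10T07:30:00", "dave", "203.0.113.7", False),
    ("2024-01-10T09:40:00", "alice", "203.0.113.7", False),
    ("2024-01-10T11:50:00", "erin", "203.0.113.7", False),
    ("2024-01-10T14:00:00", "legacy-test", "203.0.113.7", True),
    ("2024-01-10T08:00:00", "alice", "198.51.100.9", False),
    ("2024-01-10T08:01:00", "alice", "198.51.100.9", False),
    ("2024-01-10T08:02:00", "alice", "198.51.100.9", False),
]
# Constructed "last successful activity" table; the test account has been idle for years.
LAST_SEEN = {"alice": datetime(2024, 1, 9), "legacy-test": datetime(2019, 5, 1)}

def _parse(events):
    return sorted((datetime.fromisoformat(t), u, ip, ok) for t, u, ip, ok in events)

def detect_slow_spray(events, window=timedelta(hours=24), min_accounts=5):
    """Return source IPs whose failed sign-ins within any `window` touch at least
    `min_accounts` distinct accounts. Per-account lockout thresholds never fire
    on this pattern because each account sees only one or two attempts."""
    failures = defaultdict(list)
    for ts, user, ip, ok in _parse(events):
        if not ok:
            failures[ip].append((ts, user))
    flagged = set()
    for ip, attempts in failures.items():
        start = 0
        for end in range(len(attempts)):            # sliding window over time
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in attempts[start:end + 1])
            if len(per_account) >= min_accounts:
                flagged.add(ip)
    return flagged

def detect_dormant_logins(events, last_seen, dormant_days=365):
    """Return (account, source_ip) for successful sign-ins to accounts whose
    previous activity in `last_seen` is older than `dormant_days`."""
    seen = dict(last_seen)                           # do not mutate the caller's table
    hits = []
    for ts, user, ip, ok in _parse(events):
        if ok and user in seen and ts - seen[user] > timedelta(days=dormant_days):
            hits.append((user, ip))
        if ok:
            seen[user] = ts
    return hits
```

The brute-force source 198.51.100.9 is deliberately not flagged by the spray rule: it hits a single account, which is the case per-account lockout already covers.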