• @Knusper@feddit.de
    link
    fedilink
    1011 year ago

    Gotta love these kind of news. There’s always these hypothetical discussions of clouds being insecure and companies generally just ignore that, because clouds are theoretically, sometimes cheaper.

    And then every now and then, half the internet leaks out of one of these clouds and everyone’s like, holy crap, and then companies go back to generally just ignoring that, because clouds are theoretically, sometimes cheaper.

    • @TheCee@programming.dev
      link
      fedilink
      English
      251 year ago

      Unfortunately nobody in charge has seen consequences for their decision to save a few theoretical nickels, so far. But then again, a lot of software/IT related stuff would look completely different, if anybody did.

      • @Knusper@feddit.de
        link
        fedilink
        91 year ago

        Yeah, with the GDPR, you could theoretically get sued for using inappropriate technologies, but unless a proper expert committee officially declares Azure et al unsalvagable, you can always say, you thought you were using safe technologies.

    • @sep@lemmy.world
      link
      fedilink
      15
      edit-2
      1 year ago

      I do not think anyone belive clouds are cheaper. For a stable workload probably 2x as expecive. Especially when you also count the new finops department you need to know what you are actually paying for in the cloud.

      What cloud do give is virtualy infinite capacity, infinite scale out performance, instant availabillity and scaleabillity up to a global presence, no up-front cost, no tear down cost, bragging rights, no long running contracts and api’s for EVERYTHING.

      Edit: I did see you write theoretically ;)

      • X3I
        link
        fedilink
        71 year ago

        Let me add another important point: outsourcing responsibility. In case of a data breach, you have someone to sue and you don’t need a whole internal team to be up to date on the latest security topics. Instead, they just have to be able to manage the web interface (not saying that is easy, just less subject to changes)

        • @Default@aussie.zone
          link
          fedilink
          51 year ago

          Ding ding ding. It’s all about outsourcing accountability as much as possible. Always need a finger to point at if things go wrong.

    • @XTornado@lemmy.ml
      link
      fedilink
      2
      edit-2
      1 year ago

      Given the average company I believe the cloud being more secure, of course they can shoot themselves d in the foot in the cloud as well but that wouldn’t be the cloud being insecure. The cheaper part… not sure if I would agree, it is more simple and easier to manage than your own physical hardware and all that entails, unless you require very little, that’s for sure.

  • @Nighed@sffa.community
    link
    fedilink
    English
    991 year ago

    The exposed data included backups of personal information belonging to Microsoft employees, including passwords for Microsoft services, secret keys, and an archive of over 30,000 internal Microsoft Teams messages originating from 359 Microsoft employees.

    In an advisory on Monday by the Microsoft Security Response Center (MSRC) team, Microsoft said that no customer data was exposed, and no other internal services faced jeopardy due to this incident.

  • NegativeLookBehind
    link
    fedilink
    761 year ago

    📎 “It looks like you’re trying to steal terabytes worth of data. Here, let me just give it to you!”

    • @TheChefSLC
      link
      51 year ago

      Lol! I used to pin him to my desktop. I loved having him for some reason…

  • Capt. Wolf
    link
    fedilink
    431 year ago

    Microsoft said that no customer data was exposed.

    Well then, let’s break out the popcorn, this should be fun!

    • Sabata11792
      link
      fedilink
      301 year ago

      That’s what they all say before the customer data leak disclosure.

    • snooggums
      link
      fedilink
      211 year ago

      I am so glad that Microsoft always tells the truth so we can just take them at their word. It would be totally different if they had a history of lying and doing shady stuff.

    • @Nighed@sffa.community
      link
      fedilink
      English
      71 year ago

      As long as the data they lost doesn’t get more details, that get more detail that gets customer data… or anorher signing key…

  • 👍Maximum Derek👍
    link
    fedilink
    English
    411 year ago

    Did Microsoft officially stop caring about security or is this more of a fad, like when everything was tiles for a while?

  • @Random_user@lemmy.world
    link
    fedilink
    English
    331 year ago

    That must be why I’ve been getting a million 2fa emails recently asking me to verify my Microsoft account sign in.

    • @Nath@aussie.zone
      link
      fedilink
      91 year ago

      Hmm, by using Authy I wouldn’t receive these. They’d just be asked for the current code and unable to proceed.

      On the one hand I’m happy not getting spammed like you with 2fa requests. On the other, I think I’d like to know if any of my user/password pairs have been compromised.

      • @XTornado@lemmy.ml
        link
        fedilink
        31 year ago

        Tbh I am not sure what he is talking about. I didn’t know Microsoft had 2FA by mail. They have their authenticator app, sms, physical key, windows auth (or whatever is called that the PC acts as key/2fa). I know of one case where you can get invited to an org and if you don’t have an azure account the login is done by a mail they sent you, but I wouldn’t call that 2FA. But I guess here is a mail version I didn’t know about.

        • @Nath@aussie.zone
          link
          fedilink
          21 year ago

          Oh you’re right. I thought it was notification spam to the phone/watch that @Random_user was complaining about.

          There is an email MFA method for Hotmail/LiveID accounts, but M365 doesn’t have email as an authentication method. There’s Authenticator Lite, which comes through as a notificataion through the Outlook App on the phone, though. Not so many organisations use it because it’s fairly new and we’ve mostly been doing MFA for years by now.

          • @beetus@lemmy.world
            link
            fedilink
            31 year ago

            Pretty sure the person who said they are getting 2fa emails was meaning that they are getting email alerts from Microsoft that says “we blocked these logins. Were they you?”

            Some service providers do this when they see large attempts to access accounts fail due to 2fa blocks.

    • ChlorineAddict
      link
      fedilink
      English
      -91 year ago

      That must be new… it has been default to public for most of its history.

  • @Reygle@lemmy.world
    link
    fedilink
    21 year ago

    I practically have tourette syndrome at this point I curse the absolute fuckwittery of Microsoft so often.

    Gtfo of “the cloud”. Don’t touch it. Don’t joke about touching it.