This is really shoddy reporting. The title says Azure data breach whereas the attack is a phishing campaign targeting Office 365. Being a phishing campaign, it is unclear which components of Azure/Microsoft were instrumental in the attack. And the article goes on to make irrelevant allusions to Microsoft's negligent cybersecurity practices. This is such bad reporting that I wonder whether it is done with incompetence or malfeasance.
Microsoft should be considered a threat to national security, particularly in the US. Their clear disregard for product quality at this point is beyond measure and requires government intervention.
> These links led to phishing websites but the anchor text of these links was “View Document”.
Fucking noobs.
Seems to be this Proofpoint blogpost about a phishing campaign:
https://www.proofpoint.com/us/blog/cloud-security/community-...
being blown out of proportions by a series of obscure news websites exaggerating each other's stories.
Edit: for a real interesting Microsoft security disaster (not exploited in the wild AFAIK) check out ChaosDO by Wiz:
https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...