An issue was discovered in January with Microsoft’s cloud computing platform, Azure, by researchers at Wiz.
Due to a misconfiguration in Azure, Bing was compromised, and as a result, any user could access applications without authorisation.
The issue was detected in Azure Active Directory (AAD) identity and access management system.
Due to this vulnerability, researchers who logged into Azure accounts could change or control the search results of Bing. This opportunity was likely used to launch misinformation or carry out scam campaigns.
Since anyone could access other Microsoft platforms, likely, millions of data and Microsoft passwords were also compromised.
Microsoft fixed the problem on February 2nd. Issues that were reported later were all resolved by March 20th