Stop thinking of identity theft as a “hack.” Learn how corporate negligence and data aggregation fuel the Canadian black market, and why your info is at risk.
This is part one of a Canadian series, teaching you how to fight back and react to protect your personal info and get your digital life back if you’ve been SIM swapped or your social media has been hacked!
A couple years ago, I was contracted to identify security issues in an m365/azure environment.
The ms service was so liberally set up that it barely broke 30 on its ms security score, which is really bad; it means your controls are almost not implemented at all.
As a result, it was at the time very easy to get a list of employees using the very well-known ms graphs api. From any public endpoint. Without authentication or federation.
A hardening exercise is an absolute must after an m365 deployment.
Great resource, thanks for sharing!
