A jobs portal used by Microsoft applicants had a misconfigured MongoDB installation that exposed some information and enabled read/write access to the website. The database itself is maintained by Punchkick Interactive, a mobile development company contracted by Microsoft to run mcareersat.com. An attacker could have leveraged this exposure for a watering hole attack. The incident highlights the importance of monitoring and verification when it comes to outsourced development projects and third-party vendors. Microsoft responded swiftly and fixed the problem once alerted to the problem.”]