May 30, 2025

305 - Hanlon's Weekend

If you woke up one morning to find all of your company email accounts had mysteriously been deleted, without notice or warning, how would you react?

For anyone trying to email me or my team right now, a serious cyberattack targeting our company emails managed by Microsoft hit just over 24 hours ago, temporarily deleting all of our company email accounts. This wasn't the result of a phishing attack or similarly typical means, and since peer review processes move faster than Microsoft's incident response team then we may not have the full story of how they breached Microsoft for some time yet. Don't believe their "4-8 hour" and "highest priority level for this category" customer service responses. Also, be sure to call them using their archaic phone system, as no other "support" system functions at all.

What we do know for certain is what we've known for years, that Microsoft has worthless security and not to put anything confidential or irreplaceable within that insecurity.

My co-founder, being an 8-consecutive-year Microsoft MVP, who prepared very successful demos delivered by 3 of their CEOs, Gates to Nadella, may need to let go of his addiction to Microsoft Office and switch to any of the modern alternatives, since email address management is about the lowest possible bar that Microsoft could fail to meet.

It has been a couple of years since a major cyberattack managed to do anything at all to us (the last of which amounted to breaking into a honeypot trap computer that the attacker wiped), and last time they had to tunnel through the entire cybersecurity infrastructure of one of the world's most over-paid consultancies. It looks like this time they did the same, but to Microsoft, which given all of the vulnerable-by-design "AI integrations" was probably even easier than it used to be.

Either way, no confidential information about our technology was exposed, and nothing has really changed, so it'll just be an annoyance to either recover those email accounts or set up a new email management system elsewhere.

In the meantime, I can be reached here, via ResearchGate, Discord, or any other assets where I maintain a presence that cyberattacks have never disrupted.

"First they ignore you. Then they ridicule you. And then they attack you and want to burn you. And then they build monuments to you."

-Nicholas Klein