Microsoft recently announced that part of their systems had been compromised by a Russian hacking group, and that their corporate email server and part of their source code had been breached recently.
This attack was also reported as an attack that was planned for several months, because this group of hackers, called Midnight Blizzard, used passwords found through a password spray attack where various passwords were tested on specific account names to gain access to Microsoft's server machine.
The server machine accessed was an old server machine that did not have any two-factor authentication installed and it was this security vulnerability that gave them access to Microsoft's internal systems.
Because this server machine also has access to the company's corporate environment, this group of hackers managed to hack and steal information from Microsoft's email server machine, including information from the company's leadership and so on.
Unauthorized access to Microsoft's source code has also been reported lately, and although they haven't confirmed what was stolen, some reports also say that it's likely that what was taken were authentication tokens and even API keys.
