On Monday of this week (21 Sep 2015), the global community saw a strange thing happen. Skype and several other services were acting really weird. On Skype, all your contacts would be listed as offline, but you could still message them or even call them. You would not be able to switch your status, and group messaging would only work sporadically. At one point, you could not call others, but if you were in a call when it happened, you could keep the call going. Other VoIP services suffered from the same thing, which also affected Skype’s website.
This is pure speculation at this point, but I happened to know that a few of the services that were down had their homes on Microsoft servers. Skype, being owned by Microsoft, most likely uses the very same servers. The service is so popular that Swedish officials have displayed a desire to use them for all patient data in the Swedish health care system.
This worries me a bit, since Microsoft’s servers are notoriously badly protected. They have been the target of several of the past few years’ most talked-about hackings, such as the 2014 Xbox Xmas Shutdown and the 2011 Giant Hackathon, which hit, among others, Facebook and Apple too.
Despite numerous breaches, Microsoft executives claim their hardware is hack-proof. There’s always something else; it’s not hacking. It’s “social engineering”, where the hacker gets one of the employees to open a scam link in an email or something similar.
There’s no proof that the servers have been hacked (this time), and it’s not even certain at the point of writing if it’s even Microsoft’s servers that are down, but it does add another layer of insecurities about their services. These are concerns that country officials should consider before talking about putting the entire nation’s population’s patient data on there.
Microsoft is not the only place with insecure servers, and it’s certainly not the worst one. I don’t mean to single them out; this is an issue that is far more widespread than that. In short, I believe that putting too many services with a single server provider is always a bad idea, especially when important data is involved.
What do you think, is it still safe to use Microsoft’s servers?