One of the benefits of achieving Cyber Essentials certification is that we subsequently receive regular security warnings. Billions of personal records are "lost" every year by organisatons large and small. And no doubt the real number is much higher because many cases will no doubt never be discovered, even by the organisations concerned.
This breach, reported by Microsoft is yet another case of data being exposed by an entity not taking appropriate measures to protect it. Hats off to Microsoft for discovering it and declaring only a few weeks after it occurred.
But yet again it raises the question, why are we worried about protecting the un-protectable? It is already lost. Don't believe us?
Try searching https://haveibeenpwned.com for your email address. If you have had your email for a while, you'll likely be listed. Remember, this isn't an exhaustive list (for example it doesn't include the Microsoft leak mentioned here, at the time of writing this article).
Most of our emails are listed there, taken mostly from a system called spambot. So what is this all about, you may ask?
Well, it is obvious that my email address is NOT private / personal information. So, it is essential that people have their wits about them when responding to emails - even those emails referring to support requests made by themselves to a legitimate company as big and secure as Microsoft.
Don't treat your email address as if it is private / personal data. It never has been, never could have been and never will be. Let the reader beware!