With no password protection, a Microsoft server containing a variety of security credentials used by Microsoft employees to access internal systems was accessible by anyone on the internet.
Access is the biggest weakness in cybersecurity. Companies need to control their credentials and encrypt them so they can't be known and disclosed.