Microsoft Stock Unfazed by Hack Threatening Thousands of Customers

Over the weekend, Microsoft made the extraordinary disclosure that one of its key workplace software products was under attack from hackers, potentially exposing the data of thousands of companies and government agencies worldwide. 

On Monday, that seemingly apocalyptic scenario meant shares in the venerable Seattle-area tech giant were … just fine, rising 0.1% as experts warned of a veritable cornucopia for ransomware gangs.

The Keys to a Problem

If you’ve never worked at a job that required ties in the office and/or you’re Gen Z, there’s a decent chance you have a strong aversion to Microsoft products. However, being outré or hip isn’t what makes a corporation like Microsoft, with a market capitalization of nearly $3.8 trillion, the second-most valuable company on the planet. It’s being the world’s largest software maker, whose products are the backbone of workplaces worldwide.

It’s also why corporate IT managers from Houston to Helsinki had their weekends wrecked when Microsoft said its SharePoint software was under attack. Some 250,000 organizations use the software designed for building intranet websites, sharing files between employees and storing internal information, otherwise known as stuff you don’t want hacked. In good news, the vulnerability exploited by the attack only affects on-premise SharePoint servers, meaning companies using the cloud version of the software are unaffected. Security updates to eliminate the vulnerability were made available on Sunday for the most recent and 2019 versions of the software (although the 2016 version is still awaiting its own update). In bad news, this may well amount to too little, too late in many cases:

• Researchers at Eye Security noted that breaches could allow malicious hackers to harvest passwords and access cryptographic keys, which would enable them to gain access to systems even after they’re patched. (Buy your IT guy, who will have to update the way future keys are encrypted, a beer at the next work social if you’re a SharePoint company.)
• Eye’s researchers scanned more than 8,000 SharePoint servers worldwide and found that the attacks, which likely began on July 18, compromised more than 50 servers, including those of a major US energy company and multiple European government agencies. (Two US federal agencies were impacted, too, The Washington Post reported.) There is no undoing the theft of materials already stolen.

Taking Stock: Microsoft has been at the center of several damaging breaches in recent years and the general response from markets, since the bad publicity has never been enough to imperil the company’s dominant market share, has been a yawn. Last year, for example, the company’s own email system, including the accounts of senior executives, was compromised by a Russian hacker group just a few months after another Microsoft breach resulted in tens of thousands of emails being stolen from the US State Department by Chinese hackers. In fact, analysts were salivating over the stock last week as the company prepared for its July 30 earnings release. BofA, Deutsche Bank, Cantor Fitzgerald, Mizuho Securities, TD Cowen and Wells Fargo all raised their price targets on the shares, which are up 21% this year. Maybe there really is no such thing as bad publicity.