Here’s my take on the Microsoft Outlook.com breach.
The truth to the matter is that service security is hard for any company, whether it’s Alphabet (Google), Apple or Microsoft.
Yes, Microsoft suffered a breach on their Outlook.com service. But it doesn’t mean that Alphabet or Apple won’t. They will, it’s not a question of if, but when. There are many attacks against different service providers.
It’s how you deal with it that matters. For me, Microsoft did deal pretty well with the situation, by disclosing the breach publicly and disabling the credentials of the affected employee. Yahoo did not; they were first breached in 2013, but it took over 3 years for it to become public.
There are legitimate questions to be answered. Would have multi-factor authentication helped? What measures will they put in place to avoid such a situation to repeat itself? It’s a wait and see right now.