Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records (Auth Bypass + Leaked API Key)
Date: 08/12/25
Hey! I'm Faav, and this is how I hacked the Microsoft Device Pricing Program (for Microsoft Partners) to leak Microsoft Employee PII using an auth bypass and 700M+ Microsoft partner records via a leaked API key.
One day, I came across the subdomain mdpp.microsoft.com
and decided to look into it. (MDPP stands for Microsoft Device Pricing Program)
