We often find problems with client configurations when we take over jobs, particularly when less-technically-able client try to do-it-themselves. If anyone needs an example as to why getting things set up correctly is difficult, Microsoft made a mistake with a server config and exposed some of their client’s information:
Microsoft data breach exposes customers’ contact info, emails (bleepingcomputer.com)
The mis-configuration potentially allowed unauthorised access – initial investigations has not shown any information leaked, but investigations are ongoing.
Of course, there is speculation over just how much information was exposed:
Microsoft confirms customer data leak but disputes scope • The Register