Sounds like one of ADOs recent security misconfiguration vulnerability announcements. The customer is blamed, for not quite hardening everything the right way, when ADO config is... A sizeable task.