Microsoft has warned of a data breach: namely, that some of its customers’ confidential information may have been exposed due to a misconfigured server accessible via the Internet.
Let me remind you that we also talked about the fact that Microsoft Exchange Autodiscover bug leaked 100,000 credentials, and also that Old bug in Azure leaked client source code.The leak was discovered on September 24 by SOCRadar specialists, after which the problem server was properly protected.
The company emphasizes that the leak occurred due to incorrect configuration of a certain endpoint, which “is not used in the Microsoft ecosystem.” As a result, information such as names, email addresses, contents of letters, company names and phone numbers, as well as files related to business between affected customers and Microsoft or a Microsoft authorized partner, was disclosed.
Although Microsoft has provided little to no further details about this leak, SOCRadar has published its own report that the data was stored in misconfigured Azure blob storage.
According to SOCRadar, the leak potentially affected the confidential information of more than 65,000 companies from 111 countries. The data was stored in files dated from 2017 to 2022.
According to SOCRadar analysis, the leaked data included “Proof-of-Execution and Statement-of-Work documents, user information, product orders/offers, project details, personal data, and documents that may disclose intellectual property.” Details of how the partner ecosystem works, invoices, project details, customer product price lists, internal customer comments, sales strategies and documents related to customer assets, and more have also been unearthed.
SOCRadar claims that the Microsoft server had 2.4TB of data containing sensitive information, including over 335,000 emails, 133,000 projects, and 548,000 users.
At the same time, Microsoft said that SOCRadar “greatly exaggerates the numbers and extent of this problem.” In addition, the company condemned the decision of SOCRadar, which collected data and made them available for search on a special portal. Microsoft believes that this “is not in the interests of protecting the privacy and security of customers and potentially exposes them to unnecessary risk.”
The mentioned SOCRadar portal is called BlueBleed and allows companies to find out if their confidential information has been damaged in a data breach. In addition to the Microsoft server, BlueBleed allows you to search through data collected from five other public repositories on the network.