Due to a server misconfiguration, sensitive Microsoft customer information was exposed on the Internet. In total, 65,000 companies are affected.
This story begins on September 24, 2022, when security researchers at SOCRadar notified Microsoft of this security issue. In its official press release, Microsoft states: “This misconfiguration has resulted in the possibility of unauthenticated access to certain business transaction data corresponding to interactions between Microsoft and potential customers, such as planning or potential implementation and delivery of Microsoft services.” The American company also adds: “Our investigation found no indication that customer accounts or systems were compromised. We have directly informed the affected customers.”
To be more precise, the exposed data contains names, e-mail addresses, the e-mails themselves, company names and telephone numbers. It also includes files associated with these exchanges between companies and Microsoft, which relate in particular to ongoing projects between the two parties. SOCRadar claims to have been able to link this sensitive information to more than 65,000 companies from 111 countries, in files dating from 2017 to August 2022.
What is the origin of this data leak?
An unintentional configuration error is the cause of this security incident. Microsoft claims that this is not a security flaw. According to SOCRadar, the data concerned was stored on a misconfigured Azure Blob Storage space managed directly by Microsoft.
If you want to know whether you are affected, you can use SOCRadar's BlueBleed portal. It contains information on the Microsoft leak, but also on other leaks, based on data collected from 5 other cloud bucket providers. In the misconfigured Microsoft space alone, SOCRadar claims to have found 2.4 TB of data: over 335,000 emails, 133,000 projects and 548,000 exposed users!
Moreover, Microsoft takes a dim view of this information being accessible through the BlueBleed portal, claiming that this “is not in the best interest of ensuring customer privacy or security and potentially exposes them to unnecessary risk.”