Microsoft confirms data leak caused by misconfiguration

Microsoft Suffers Massive Data Leak: IT Giant Disputes Magnitude

October 26, 2022
|In News
|By admin

Microsoft has found itself in murky waters yet again as a misconfiguration of its part has left sensitive customer-related data vulnerable. This week, Microsoft’s Security Response Center (MSRC) said that threat intelligence company SOCRadar had warned it about a misconfigured endpoint that had compromised business transactions data about exchanges amongst Microsoft and its clients on September 24.

According to MSRC, the material covered the delivery and use of Microsoft services that were either planned for or implemented. After being alerted, Microsoft protected its endpoint, which is now only accessible after proper authentication. Microsoft essentially shot itself in the foot by mishandling the configuration details and leaving the consumer data exposed.

“Our investigation found no indication customer accounts or systems were compromised,” the MSRC stated. “We have directly notified the affected customers.”

Researchers from SOCRadar said that Microsoft’s misconfiguration exposed sensitive data. The compromised data encompassed proof-of-execution and statement-of-work documents, user credentials, purchase information, and specifications in a study released this week. In addition, the company said that the papers could have potentially disclosed intellectual property.

SOCR Radar’s Findings

As per SOCRadar, which tracks and investigates public cloud storage buckets, it discovered six sizable Microsoft-managed public buckets with data on more than 150,000 businesses across 123 countries. The leaks are collectively referred to as BlueBleed by SOCRadar.

According to the study, one of the biggest public buckets, known as BlueBleed, was an improperly set up Azure Blob Storage instance that purportedly had data on more than 65,000 entities in 111 countries. From 2017 until August of this year, this amounted to 2.4 TB of publicly accessible Microsoft-owned data, which included more than 335,000 emails, 133,000 projects, and 548,000 exposed users.

According to the same study, anyone “who may have accessed the bucket” may have sold the information to the highest bidder on the dark web and Telegram channels, used it for extortion or blackmail or used it to develop social engineering strategies.

Can Yoleri, vulnerability and threat researcher at SOCRadar and the lead investigator for BlueBleed, stated, “Surely this is not the first time a misconfigured server has exposed sensitive information, and it will not be the last.” However, BlueBleed has been one of the biggest B2B dumps in recent years, with important data stolen from tens of thousands of companies.

Microsoft’s Account

Microsoft disputed SOCRadar’s account of the scope of the leak, which it claimed involved business transaction data, including names, email addresses, email content, company names, and phone numbers. In addition, attached files related to transactions “between a customer and a Microsoft or an authorized Microsoft partner” may have been exposed.

After reading [the SOCRadar blog article], we first want to point out that SOCRadar dramatically overstated the severity of this problem, according to MSRC. “The data collection has duplicate information, with several references to the same emails, projects, and users, according to our in-depth research and analysis of it. We are disturbed that SOCRadar overstated the number of people affected by this issue even after we pointed out their inaccuracy because we take this matter very seriously.”

Microsoft also attacked SOCRadar for making a search engine available to the public that it claims does not protect user privacy or security and potentially puts businesses in danger. According to SOCRadar, it offers a free tool that businesses may use to search for their company names to see whether any BlueBleed breaches impacted them.

Contact Us

More Cyber Security News: