Microsoft has confirmed one of its own misconfigured cloud systems exposed customer information such as names, email addresses, and phone numbers in the cloud. However, it denies that the leak exposed this data to the internet.
On September 24, an intelligence firm notified Microsoft that a misconfigured endpoint had exposed business transaction data pertaining to interactions involving Microsoft.
Microsoft realized it had oversights about the trust of its cloud and began to protect itself by notifying the current owners. To ensure that the data was accessible only with proper authentication, Microsoft secured the endpoint that contained the sensitive information.
“Our investigation found no indication that customer accounts or systems were compromised, and we’ve directly notified the affected customers about what happened,” Microsoft said.
An unsecured system was found to have been left vulnerable, exposing sensitive information including a number of documents that prove the execution of a proof-of-work or statement-of-work, along with user information, product offers and orders, project details, and personally identifiable data.
The documents were also claimed to have revealed intellectual property.
When Microsoft accidentally leaks sensitive customer information, it’s no surprise. SOCRadar has a tool that hunts down and monitors public cloud storage buckets, and found six large Microsoft-managed public buckets containing information on more than 150,000 companies in 123 countries. SOCRadar is collectively referring to this data as BlueBleed.
Data on 65,000 entities was allegedly exposed by a misconfigured Azure Blob Storage instance in the public cloud this week. More than 335,000 emails and 133,000 projects were also affected.
The report notes that parties who may have accessed the bucket may use this information in different forms for extortion, blackmail, social engineering built on the exposed information, or simply selling the information to the highest bidder on dark web and Telegram channels.
The recent BlueBleed data leak exposed sensitive information from tens of thousands of entities. It also reminds us that misconfigured servers are common and hackers have the advantage in these situations. But with this leak, it looks like the servers were especially vulnerable because of security flaws and poor defenses.
Microsoft disputed the SOCRadar conclusions, saying that the exposure involved business transaction data (such as names, email addresses, email content, company names and phone numbers) and may also include attached files.
“After reviewing the post, we noted that SOCRadar greatly exaggerated the scope of this issue. Our detailed investigation and analysis of the data set showed much duplicate information, referencing the same emails, projects, and users. We take this issue very seriously and are disappointed that they had to exaggerate numbers even after we pointed out their error,” Microsoft said.
Microsoft is criticizing SOCRadar for releasing a free search tool that they say intrudes on customer privacy and could expose them to risk. SOCRadar says it provides a service companies can use to find their company name on leaked databases in order to determine whether or not they were affected by the leaks.
The SOCRadar report on data leaks said that poorly configured servers are among the top causes of data leaks and, pointing to the SANS 2022 Top New Attacks and Threat Report, added that data exfiltration from cloud storage is a common attack avenue.
“Threat actors constantly scan public storage buckets for sensitive data,” the researchers wrote. Employees of these companies should use automated security tools to monitor such cyber risks.
In an email to The Register, Erich Kron said that a spreadsheet on the web which appears to belong to SOCRadar included some sensitive information about infrastructure and network configuration of potential customers. These attacks could be valuable to potentially malicious actors who are looking for vulnerabilities within this organization’s network.
Kron is a pro at the cloud, and such vulnerabilities are not just limited to Azure. He also mentioned that complex security configurations may take longer to implement and that there can be a larger number of organizations and individuals impacted by a similar vulnerability in on-premises systems.