
Microsoft data breach exposes customers’ contact info, emails


Microsoft revealed today that one of its servers was misconfigured and accessible over the internet. As a result, some of its customers’ sensitive information was exposed.

After being notified of the leak on September 24, 2022 by a security researcher, the company secured the server.

Microsoft has admitted to an “unintentional configuration” on its end. This misconfiguration created the potential for unauthenticated access to business transaction data from Microsoft’s customers, including data from its interactions with prospective customers.

In a recent hacking case, the FBI found that hacktivist-caused distributed denial of service attacks had little to no impact on critical orgs.

“After carefully investigating, we found no indication that any customer’s account or data was compromised. We have sent direct notification to the affected customers.”

Microsoft revealed that the leaked data includes customer names, email content, company names, and phone numbers. It also includes files linked to Microsoft or an authorized Microsoft partner.

Redmond assured customers that the leak was caused by the “unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem” rather than by a security vulnerability.

Leaked data allegedly links to 65,000 entities

Microsoft has maintained silence about this data leak, but SOCRadar has revealed in a blog post that the data was stored on Windows Azure Blob Storage.

Sharing sensitive information is risky, but not if you do it right, in a way that’s secure and private. SOCRadar claims to have made this easy for companies by giving them the tools necessary to share sensitive data without fear of a breach. In total, SOCRadar was able to identify more than 65,000 entities from 111 countries in files with dates from 2017 to August 2022.

“On September 24, 2022, SOCRadar detected and blocked unencrypted data from a high-profile cloud provider that was publicly available on Snowflake.”

The threat intelligence company concludes that the leaked data “includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data. Plus, it could contain documents that reveal intellectual property.”

Reportedly, as of today, Microsoft has said that it believes SOCRadar “greatly exaggerated the scope of this issue” and that SOCRadar’s numbers are incorrect.

Furthermore, Microsoft added that SOCRadar’s decision to collect and search customer data is “not in the best interest” of ensuring customers’ privacy. By making the data public, the company has exposed customers to more risk than they wanted.

According to a Microsoft 365 Admin Center alert, Microsoft is unable to provide specific, detailed information on this data breach.

While GDPR requires notification of impacted customers, we have chosen not to go beyond those requirements.
