The security researchers at threat intelligence firm SOCRadar informed Microsoft of a misconfigured Microsoft endpoint on September 24, 2022. Sensitive information for some Microsoft customers was exposed by a misconfigured server.
“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services”, Microsoft
The company said that the endpoint was quickly secured and currently accessible with the required authentication.
Sensitive Information Exposed
According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner.
Particularly, this breach was caused by an unintentional misconfiguration that is not used across the Microsoft ecosystem and is not due to security vulnerability.
“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability”, Microsoft
While Microsoft investigating this issue seriously, SOCRadar revealed in a blog post published today that the data was stored on misconfigured Azure Blob Storage.
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users”, Microsoft
SOCRadar claims it was able to link this sensitive information to over 65,000 entities from 111 countries stored in files dated from 2017 to August 2022.
Also, from their analysis, they claimed to have found 2.4TB of emails and project files containing Statement of Work documents, product orders, project details, personally identifiable information, invoices, price lists, and documents that may reveal intellectual property.
“On September 24, 2022, SOCRadar’s built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider,” SOCRadar.
Microsoft stated that SOCRadar greatly exaggerated the scope of this issue and did not account for duplicate records in its estimate of affected entities.
Microsoft also said SOCRadar’s option to release a search tool to look through the files “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.” Hence, Microsoft’s investigation found no indication customer accounts or systems were compromised. Also, the company added saying they directly notified all the affected customers.
Cyber Attack with Zero Trust Networking – Download Free E-Book