Microsoft leaks commercial customer data through misconfigured storage server


Microsoft says it accidentally leaked data from business transactions between the software giant and potential customers. However, the company is trying to play down the leak as a cybersecurity firm says the exposure has ensnared 65,000 entities around the world, including many businesses.

On September 24, cybersecurity firm SOCRadar notified Microsoft of the leak, which occurred through an online storage system that had been misconfigured for open access.

In a blog post on Wednesday, Microsoft said: “This misconfiguration has resulted in the possibility of unauthenticated access to certain business transaction data corresponding to interactions between Microsoft and potential customers, such as planning or potential implementation and delivery of Microsoft services.”

The information exposed included “names, email addresses, email content, company name and phone numbers”, as well as attached business documents. The company was quick to secure the storage system by adding an authentication requirement. Microsoft also says its investigation “found no indication that customer accounts or systems were compromised.”

Additionally, the software giant has notified affected customers. But at the same time, Microsoft blames SOCRadar for allegedly “exaggerating” the scope of the leak.

In its own blog post, SOCRadar says the misconfigured Microsoft storage contained sensitive data on 65,000 entities in 111 countries. Specifically, the exposed data was held in Microsoft’s Azure Blob Storage, a service designed to hold and analyze large amounts of unstructured data.

“The leak includes Proof of Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data and documents that may reveal intellectual property,” SOCRadar claims; 335,000 emails were also found in the leak.


The cybersecurity firm discovered the exposed data through a company product that can scan the internet for misconfigured cloud servers exposing sensitive data. It is unclear whether malicious hackers managed to access and copy data from the misconfigured Microsoft storage server. But if they did, SOCRadar warns that attackers now have a wealth of information on “tens of thousands of companies” that they can leverage for further attacks.

“As a result of our investigations of the misconfigured server, SQLServer databases and other files, SOCRadar researchers uncovered 2.4 TB of publicly available data containing sensitive information belonging to Microsoft. The exposed data includes files dated from 2017 to August 2022,” the cybersecurity firm added.

However, Microsoft accuses SOCRadar of inflating the seriousness of the leak. “Our extensive investigation and analysis of the dataset shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft wrote in its own blog post. “We take this issue very seriously and are disappointed that SOCRadar has exaggerated the numbers involved in this issue even after highlighting their error.”

Microsoft is also disappointed with the way SOCRadar has created a search tool allowing victims of the leak to see if they have been hit. The problem is that anyone, including a company, journalist, or hacker, can type a company’s name into the search tool to determine if they were involved in the leak. The user can then see more data about the leak by signing up for a free edition of SOCRadar’s Cyber Threat Intelligence product.

Microsoft says SOCRadar should “implement a reasonable verification system” and ensure that the search tool extends results to verified victims before offering it to the public.

SOCRadar did not immediately respond to a request for comment. However, the company appears to review every free request for its Cyber Threat Intelligence product before granting access. Free access also allows the user to search only for results relating to a business domain.

Additionally, SOCRadar’s search tool groups the Microsoft incident with five more leaks that the cybersecurity firm recently detected on misconfigured cloud storage systems at other vendors, including Google and Amazon AWS. So if you use the search tool and find a company name in the results, you won’t know which misconfigured storage system the data came from.

Microsoft declined to comment, including on the number of affected customers. But in its blog post, the company added, “We are working to improve our processes to further prevent this type of misconfiguration and perform additional due diligence to investigate and ensure the security of all Microsoft endpoints.”
