Security researchers at threat intelligence firm SOCRadar notified Microsoft on September 24, 2022 about a misconfigured Microsoft endpoint. Confidential information belonging to some Microsoft customers was exposed by the improperly configured server.
“This misconfiguration could have resulted in unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospects, such as planned or potential Microsoft services implementation and deployment,” Microsoft said.
According to the company, the endpoints were quickly secured and are now accessible only with the required authentication.
Disclosure of Confidential Information
According to Microsoft, the disclosed information includes names, e-mail addresses, content of e-mails, company names and phone numbers, and the relationship between affected customers and Microsoft or Microsoft authorized partners. contains files related to transactions in
Specifically, the exposure was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem, not by a security vulnerability.
“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability,” Microsoft said.
While Microsoft is investigating this issue seriously, SOCRadar revealed in a blog post published today that the data was stored on a misconfigured Azure Blob Storage.
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft said.
SOCRadar claims it was able to link this sensitive information to over 65,000 entities from 111 countries stored in files dated from 2017 to August 2022.
Based on its analysis, SOCRadar also claimed to have found 2.4 TB of emails and project files containing Statement of Work documents, product orders, project details, personally identifiable information, invoices, price lists, and documents that may reveal intellectual property.
“On September 24, 2022, SOCRadar’s built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider,” SOCRadar said.
Microsoft stated that SOCRadar greatly exaggerated the scope of this issue and did not account for duplicate records in its estimate of affected entities.
Microsoft also said that SOCRadar’s choice to share a search tool for browsing the files “is not in the best interests of customers because it protects their customers’ privacy and security and may expose them to unnecessary risks.” Microsoft’s investigation found no indication that customer accounts or systems were compromised. The company also added that it has directly notified all affected customers.