Microsoft leaks business customer data through misconfigured storage servers

Microsoft says it accidentally leaked business transaction data between the software giant and potential customers. However, the company is trying to downplay the leak as a cybersecurity firm claims the exposure implicated 65,000 entities worldwide, many of them companies.

On September 24, cyber security firm SOCRadar informed Microsoft about the leak, which occurred via an online storage system that was misconfigured to allow open access.

In a blog post on Wednesday, Microsoft said: “This misconfiguration has the potential to result in unauthorized access to certain business transaction data consistent with interactions between Microsoft and potential customers, such as the planning or possible implementation and provision of Microsoft services.”

The exposed information included “names, email addresses, email contents, company names and phone numbers” along with attached business documents. The company was quick to secure the storage system by adding an authentication requirement. Microsoft also says that its investigation “found no indication that customer accounts or systems were compromised.”

In addition, the software giant is notifying affected customers. But at the same time, Microsoft is criticizing SOCRadar for allegedly “exaggerating” the scale of the leak.

In its own blog post, SOCRadar says that the misconfigured Microsoft storage contained sensitive data of 65,000 entities in 111 countries. Specifically, the exposed data was housed inside Microsoft’s Azure Blob Storage, which is designed to hold and analyze large amounts of unstructured data.

“Leaks include Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that protect intellectual property may reveal,” claims Virginia-based SOCRadar. SOCRadar also found 335,000 emails in the leak.

The cyber security firm discovered the exposed data through a company product that scans the internet for misconfigured cloud servers exposing sensitive data. It is unclear whether a malicious hacker managed to access and copy data from the misconfigured Microsoft storage server. But if one did, SOCRadar warned, attackers now have information about “thousands of companies” that they can exploit for further attacks.

“As a result of our investigations on misconfigured servers, SQLServer databases and other files, SOCRadar researchers discovered 2.4TB of publicly available data containing sensitive information related to Microsoft. The exposed data included files from 2017 to August 2022,” the cyber security firm said.

However, Microsoft is accusing SOCRadar of exaggerating the seriousness of the leak. “Our in-depth investigation and analysis of the data set shows duplicate information with multiple references to the same email, project, and users,” Microsoft wrote in its blog post. “We take this issue very seriously and are disappointed that SOCRadar has exaggerated the numbers involved in this issue even as we uncovered their error.”

Microsoft is also disappointed that SOCRadar has built a search tool enabling leak victims to see if they have been affected. The problem is that anyone, including businesses, journalists or hackers, can type a company name into the search tool to see if it is in the leak. Users can then view more data about the leaks by registering for the free version of SOCRadar’s cyber threat intelligence product.

Microsoft says SOCRadar should “implement a proper verification system” and ensure that the search tool provides results to verified victims before offering them to the public.

SOCRadar did not immediately respond to a request for comment. However, it appears that the company is reviewing each request for the free version of its cyber threat intelligence product before granting access. Free access also allows the user to search for results related to only one corporate domain.

Additionally, SOCRadar’s search tool covers the Microsoft incident and five other leaks that the cyber security firm recently detected in misconfigured cloud storage systems at other providers, including Google and Amazon AWS. So if you use the search tool and find the company name in the results, you won’t know which misconfigured storage system the data comes from.

Microsoft declined to comment, including on how many customers were affected. But in its blog post, the company said: “We are working to improve our processes to prevent this type of misconfiguration and doing extra due diligence to ensure that all Microsoft endpoints are checked and protected.”
