A misconfigured Microsoft endpoint has exposed sensitive data from 65,000 entities across 111 countries, researchers from SOCRadar have allegedly discovered.
According to security firm SOCRadar, their scanners detected data (such as statement of work documents, product orders/offers, project details, personal data, and even intellectual property-related documents) exposed on unsecured public endpoints.
SOCRadar also explained that these recent exposures were caused by misconfigured Azure Blob Storage and were part of a larger set of leaks, which they have dubbed BlueBleed, that affected 150,000 organizations in 123 countries.
However, Microsoft seemed to have downplayed the severity of the incident and explained that SOCRadar “has greatly exaggerated the scope of this issue.”
Moreover, Microsoft quickly fixed the misconfigured endpoint and confirmed access now requires authentication.
“Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers,” Microsoft added.
Microsoft did confirm the leaked business transaction data includes names, email addresses, email content, company names, and phone numbers. Some of the attached files may also have included information regarding relationships between customers and Microsoft (or an authorized Microsoft partner).
“We have focused our attention on directly notifying impacted customers and provided them with instructions for contacting Microsoft with questions or concerns,” Microsoft stated.
Finally, Microsoft said they will work to improve their processes to prevent these types of misconfigurations going forward and “ensure the security of all Microsoft endpoints.”