Misconfigured Microsoft endpoint exposes sensitive data from 65K entities

A misconfigured Microsoft endpoint has exposed sensitive data from 65,000 entities across 111 countries, researchers from SOCRadar have allegedly discovered.

According to security firm SOCRadar, their scanners detected data (such as statement of work documents, product orders/offers, project details, personal data, and even intellectual property related documents) exposed on unsecured public endpoints.

SOCRadar also explained that these recent exposures were caused by misconfigured Azure Blob Storage and were part of larger set of leaks, they have dubbed BlueBleed, that affected 150,000 organizations in 123 countries.

However, Microsoft seemed to have downplayed the severity of the incident and explained that SOCRadar “has greatly exaggerated the scope of this issue.”

Moreover, Microsoft quickly fixed the misconfigured endpoint and confirmed access now requires authentication.

“Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers,” Microsoft added.

Microsoft did confirm the leaked business transaction data includes names, email addresses, email content, company name, and phone numbers. Some of the attached files may also have included information regarding relationships between customers and Microsoft (or authorized Microsoft partner).

“We have focused our attention on directly notifying impacted customers and provided them with instructions for contacting Microsoft with questions or concerns,” Microsoft stated.

Finally, Microsoft said they will work to improve their processes to prevent these types of misconfigurations going forward and “ensure the security of all Microsoft endpoints.”   

Related Articles