Last Updated on 2 years by admin
Microsoft has admitted that they accidentally exposed sensitive customer data by failing to configure a server securely, which is what led to the “BlueBleed” data breach.
Researchers claimed that the embarrassing leak, which involved files dated from 2017 to August 2022, occurred in September and that Cybersecurity security firm SOCRadar informed Microsoft about it.
The following commercial transaction information has been made public:
- Names
- Addresses for email
- Content of emails
- Business name
- Mobile numbers
Microsoft also cautioned that “attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.” may have been exposed in the exposed data.
According to SOCRadar, a Microsoft server that was misconfigured and left open to the internet contained the private information of over 65 000 entities in 111 nations.
Concerned businesses can check through a website to see if their data has been exposed on SOCRadar, which has named the data breach “BlueBleed.”
While thanking SOCRadar for raising the alarm about the data leak, Microsoft withheld information regarding the size of the data breach and asserted that the researchers had “greatly exaggerated the scope of this issue”:
Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.
Microsoft claims that the public release of SOCRadar’s BlueBleed search tool is “not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk,” which seems to have particularly incensed them.
Microsoft contends that any security company releasing such a tool should implement fundamental security controls, like verifying users before enabling them to look up information relevant to their domain.
Microsoft’s lax security practices, which unnecessarily exposed its customers’ data, should embarrass the company. The argument over how much data was carelessly exposed is probably less important to most Microsoft customers than the fact that the security blunder occurred in the first place.
Within hours of learning about the issue, Microsoft allegedly took action, reconfiguring its Azure Blob Storage cloud bucket to make it properly secure against unauthorized access.
The fact that the improperly configured server has been shut down is unquestionably a good thing, but sadly this particular horse has already bolted, according to reports that Microsoft’s leaky bucket has been “publicly indexed for months.”
