Microsoft has warned that some of its customers’ sensitive information could be exposed due to a misconfigured server accessible over the Internet. The leak was discovered on September 24 by SOCRadar specialists, after which the problem server was properly protected.
"Incorrect [server] configuration has resulted in potentially unauthenticated access to certain business transaction data related to interactions between Microsoft and customers, including information about planning or potential implementation and the provision of Microsoft services," Microsoft representatives wrote. "Our investigation found no indication that customer accounts or systems were compromised."
The company emphasizes that the leak occurred due to an incorrect configuration of a certain endpoint, which “is not used in the Microsoft ecosystem.” As a result, information such as names, email addresses, email contents, company names, and phone numbers was disclosed, as well as files related to business between affected customers and Microsoft or a Microsoft-authorized partner.
Although Microsoft provided little to no further details about this leak, SOCRadar published its own report stating that the data was stored in misconfigured Azure blob storage.
According to SOCRadar, the leak potentially affected the confidential information of more than 65,000 companies from 111 countries. The data was stored in files dated from 2017 to 2022.
According to SOCRadar's analysis, the leaked data included “Proof-of-Execution and Statement-of-Work documents, user information, product orders/offers, project details, personal data, and documents that may disclose intellectual property.” Details of how the partner ecosystem works, invoices, project details, customer product price lists, internal customer comments, sales strategies, documents related to customer assets, and more were also found.
SOCRadar claims that the Microsoft server had 2.4TB of data containing sensitive information, including over 335,000 emails, 133,000 projects, and 548,000 users.
At the same time, Microsoft said that SOCRadar “greatly exaggerates the numbers and extent of this problem.” In addition, the company condemned SOCRadar's decision to collect the data and make it searchable through a special portal. Microsoft believes that this “is not in the best interests of protecting the privacy and security of customers and potentially exposes them to unnecessary risk.”
The SOCRadar portal in question is called BlueBleed and allows companies to find out whether their confidential information was affected by a data leak. In addition to the Microsoft server, BlueBleed allows you to search through data collected from five other public repositories on the network.