Microsoft confirms blunder results in user data leak


A misconfigured Microsoft endpoint was exposing sensitive data about its customers to the wider internet, the company has confirmed.

The software giant said it was notified about the misconfiguration by threat intelligence firm SOCRadar in late September, and acted quickly to plug the hole. 

Fortunately, the language used in the announcement seems to suggest that the data hadn't been accessed by an unauthorized third party, hopefully meaning users are safe.

No viruses involved

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers,” the company said.

These interactions, the company further stated, revolved around planning, potential implementation, and provisioning of Microsoft services. 

“Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers,” it added. 

Further in the announcement, it was said that the data included customer names, email addresses, contents of the emails, company names, and phone numbers. Furthermore, the endpoint was leaking files related to the work done between clients, Microsoft, and/or authorized partners. 

No vulnerability abuse or malware was involved; it was simply an endpoint misconfiguration, Microsoft confirmed.

While the company was relatively stingy on details, SOCRadar was happy to provide more insight. In a new blog post, the company said the data resided in Azure Blob Storage, and that more than 65,000 entities from 111 countries were exposed. The oldest files dated back to 2017.

"On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadar said. The data included “Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property."

Microsoft played down SOCRadar’s findings, saying the company “greatly exaggerated” the scope of the issue and the numbers.

It also criticized SOCRadar for indexing the data and building a search portal for it, saying the move was “not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk."

SOCRadar’s analysis determined 2.4 TB of data were exposed, holding 335,000 emails, details on 133,000 projects, and 548,000 users. 

Via: BleepingComputer

Sead Fadilpašić
