Microsoft may have leaked a large amount of sensitive customer data due to a misconfiguration

Bleeping Computer reported on October 19 that Microsoft said the same day that some customers’ sensitive information may have been exposed by misconfigured Microsoft servers.

Microsoft disclosed that the misconfiguration could allow unauthenticated access, exposing certain business documents, transaction data, and personal information relating to dealings between Microsoft and its customers, including names, email addresses, email content, company names, and phone numbers. Microsoft said its investigation had so far found no indication that customer accounts or systems had been compromised, and that it had notified affected customers.


The leaked data may be related to 65,000 entities worldwide

While Microsoft did not provide any other details about the leak, threat intelligence firm SOCRadar revealed in a blog post published the same day that the data was kept in a misconfigured Azure Blob bucket. SOCRadar claims it can associate this sensitive information with more than 65,000 entities from 111 countries and territories, with files stored from 2017 to August 2022.

SOCRadar analysis concluded that the exposed data specifically included Proof of Execution (PoE) and Statement of Work (SoW) files, user information, product orders/quotes, project details, PII (personally identifiable information), and data and documents that could reveal intellectual property.

Microsoft thanked SOCRadar for its information and analysis of the incident, but said that SOCRadar’s blog post grossly exaggerated the scope of the problem and the specific numbers involved. It added that the data breach search tool SOCRadar published in connection with this incident was not in the best interests of customer privacy or security and could expose customers to unnecessary security risks.

Online search tool for leaked data

SOCRadar’s data breach search tool, called BlueBleed, allows companies to find out whether their sensitive information matches the leaked data. In addition to what was found on Microsoft’s misconfigured servers, BlueBleed also allows searching data collected from five other public buckets.

On Microsoft’s servers alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, and its analysis of the exposed files has so far turned up more than 335,000 emails, 133,000 items, and 548,000 usernames. SOCRadar warns that attackers may have accessed the data and used it for extortion, phishing, or auctioning it on the dark web.