Microsoft Data Breach Exposed Sensitive Data
According to the security research company SOCRadar, a breach of Microsoft servers may have affected over 65,000 organizations in 111 countries.
In response to a security failure that left an endpoint publicly accessible via the internet without any authentication, Microsoft admitted that it unintentionally exposed the information of thousands of customers.
According to an alert from Microsoft, “this misconfiguration resulted in the possibility for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and potential customers, such as the planning or potential implementation and provisioning of Microsoft services.”
Microsoft highlighted that no security flaw was to blame for the B2B leak, which was “triggered by an unintended misconfiguration on an endpoint that is not in use across the Microsoft ecosystem.”
What Happened?
2.4 TB of confidential data, including names, phone numbers, email addresses, company names, and attached files containing confidential company information, such as proof-of-concept documents, sales data, and product orders, may have been exposed due to a compromised Azure Blob Storage, according to SOCRadar.
SOCRadar named the leak BlueBleed. According to the company, “The exposed data includes files dated from 2017 to August 2022.”
On September 24, 2022, Microsoft received notifications of the breach. On September 25, 2022, they issued a statement confirming that they had secured the compromised endpoint, which is “now only accessible with required authentication,” and that an investigation had “found no indication that customer accounts or systems were compromised.”
Why This Matters?
According to the threat intelligence firm’s analysis, the stolen information “includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property.”
Microsoft stated that it believes “the figures” and “the magnitude of this issue” were grossly exaggerated by SOCRadar.
Redmond added that it was “not in the best interest of safeguarding customer privacy or security and perhaps exposing them to undue risk” for SOCRadar to gather the data and make it searchable through a dedicated search engine.
Customers who contacted Microsoft’s support staff were reportedly informed that the company would not be notifying data regulators since “no other notifications are required under GDPR” in addition to those given to the affected customers.
The exposed data includes, for example, emails from US .gov, talking about O365 projects, money etc – I found this not via SOCRadar, it’s cached.
A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain’t going to cut it.
— Kevin Beaumont (@GossiTheDog) October 20, 2022
In addition, Kevin Beaumont, a security researcher, said the Microsoft bucket “has been publicly indexed for months” and “it’s even in search engines.”
Although there is no proof that threat actors inappropriately accessed the data before its disclosure, such breaches could still be exploited for malicious purposes such as extortion, social engineering attacks, or quick financial gain.
Erich Kron, a security awareness advocate at KnowBe4, wrote to The Hacker News in an email, “While some of the data that may have been accessed seem trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers.”
“Potential attackers could use this information to find vulnerabilities in the networks of these organizations.”
Protected Harbor’s Take on the Matter
It’s a sad fact of life that every major software company will eventually experience a security breach. Unfortunately, breaches have become far more common in this ever-changing digital world. However, when big, well-known companies are responsible for keeping your business data safe, there needs to be a strong degree of trust, and that trust depends on them taking proper action and providing solutions.
In the past, we’ve seen issues with Google, Facebook, and even the U.S. government’s websites. It’s important to note that these are all vast organizations with dedicated teams of engineers and experts working around the clock to ensure their customers’ security. Microsoft is no different, having some of the best security engineers in the world.
Protected Harbor has always emphasized the importance of network configuration for endpoint protection. An exemplary network configuration can reduce the risk of your network being exploited by malware and other threats.
Protected Harbor provides complete endpoint protection, configuration, and monitoring that protects your computers from malware, ransomware, data breaches, viruses, and other cyber threats. Our engineers also monitor and audit your network to ensure all your systems have the latest firmware, are set up correctly, and are protected against evolving threats.
“It’s happened before, and it will happen again. It’s just the cyclical nature of things. Microsoft will recover, and a new company will go through the process of becoming the next big thing. What’s important to understand here is that the cycle will keep turning as long as people keep investing in technology.” - Richard Luna, CEO of Protected Harbor.
Don’t be the next victim of a data breach. It’s time to invest in a good cybersecurity plan. Contact us today for a cybersecurity audit.