Microsoft has confirmed that one of its misconfigured endpoints was exposing sensitive data about its customers to the wider internet.
The software giant said it was alerted to the misconfiguration by intelligence firm SOCRadar in late September and quickly took action to patch the hole.
Fortunately, the language used in the announcement seems to imply that the data was not accessed by an unauthorized third party, which hopefully means users are safe.
“This misconfiguration has resulted in the possibility of unauthenticated access to certain business transaction data corresponding to interactions between Microsoft and prospects,” the company said.
These interactions, the company further stated, involved the planning, potential deployment, and delivery of Microsoft services.
“Our investigation found no indications that customer accounts or systems were compromised. We have directly notified affected customers.”
The statement went on to say that the data included customer names, email addresses, email content, company names and phone numbers. In addition, files related to work between customers, Microsoft and/or authorized partners were leaked from the endpoint.
There was no exploitation of vulnerabilities or malware involved – it was simply a misconfiguration of the endpoint, Microsoft confirmed.
While the company was relatively stingy with details, SOCRadar was happy to provide more information. In a new blog post, the company said the data was in Azure Blob Storage and that more than 65,000 entities from 111 countries were exposed. The oldest files are from 2017.
“On September 24, 2022, SOCRadar’s built-in cloud security module detected a misconfigured Microsoft-operated Azure Blob Storage containing sensitive data from a reputable cloud provider,” said SOCRadar. The data included Proof-of-Execution (PoE) and Statement of Work (SoW), user information, product orders/quotes, project details, PII (Personally Identifiable Information) data and documents that may reveal intellectual property.
Microsoft dismissed SOCRadar’s findings, saying the company had “significantly exaggerated” the scope of the problem and the numbers.
It also criticized SOCRadar for indexing the data and building a search portal for it, saying the move was “not in the best interests of ensuring customers’ privacy or security and potentially exposing them to unnecessary risk.”
SOCRadar’s analysis found that 2.4 TB of data was exposed, including 335,000 emails, details of 133,000 projects and 548,000 users.
By: BleepingComputer