Microsoft Server Misconfiguration Led to Exposed Customer Data
Microsoft on Wednesday confirmed that a misconfigured Microsoft server endpoint potentially exposed some customer data, including personal information and emails.
The company said that after being alerted to the misconfiguration, the endpoint server was secured and an additional layer of permissions added for access. Microsoft said that while customer data was exposed, it did not find any intrusions.
Security firm SOCRadar first discovered the misconfiguration and alerted Microsoft to it at the end of September. On Wednesday it also released additional details about the leak, which it has dubbed "BlueBleed."
"SOCRadar has detected that sensitive data of 65,000 entities became public because of a misconfigured server," wrote SOCRadar in a blog post. "The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property."
SOCRadar said the misconfiguration originated in Azure Blob Storage and was discovered by its Cloud Security Module, which monitors public cloud storage buckets for potential data exposure. It found that 2.4 TB of data, created between 2017 and 2022, contained data of more than 65,000 companies.
The exposed data, according to SOCRadar, included invoices, product offers, customer emails, internal customer comments and project orders, among other items.
Further, SOCRadar asserted that the exposure was "the most significant B2B data leak in the recent history of cybersecurity," and said the scope of the exposed data could have caused unmeasurable damage to the affected companies.
"The exposed data, if parsed properly, enable threat actors to create elaborate attacks against the companies at risk of BlueBleed," wrote SOCRadar. "Even though most of the data consists of RAW files of databases, the threat actors certainly have enough resources to parse and process the data."
The firm confirmed that Microsoft, once alerted, had secured and further protected the server "within several hours."
While Microsoft has publicly thanked SOCRadar for its assistance in this matter, it is pushing back on some of the figures concerning the exposure. "We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error," wrote Microsoft.
Microsoft also criticized SOCRadar after the firm released an online tool that let companies see if their data was exposed in the BlueBleed leak, saying the tool was not in the best interest of the potentially affected customers and opened them up to further risk by making the list of potential victims available.
For its part, Microsoft said it has reached out to those who might have been exposed in the leak.