Microsoft is Admitted Accidentally exposing sensitive customer data after failing to securely configure the server.

Cybersecurity firm SOCRadar notified Microsoft of an embarrassing September leak that researchers claimed involved files dated from 2017 to August 2022.

The following business transaction data has been published:

  • name
  • email address
  • The contents of the e-mail
  • company name
  • phone number

Additionally, Microsoft warns that the published data may include “attachments related to the business between the customer and Microsoft or its authorized Microsoft partners.”

SOC radar Claim We have determined that sensitive data for over 65,000 entities in 111 countries resides on improperly configured Microsoft servers that have been left exposed over the Internet.

sign up for newsletter
Security news, advice and tips.

Calling the data breach “BlueBleed,” SOCRadar Websites that relevant companies can search to see if their data is publicly available.

Microsoft has not shared details about the scale of the data breach. While he thanked SOCRadar for issuing the data leak warning, he claimed the researchers “greatly exaggerated the scope of the problem.”

A detailed examination and analysis of the dataset shows duplicate information, showing multiple references to the same email, project, and user. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after highlighting the error.

The public release of SOCRadar’s BlueBleed search tool appears to have particularly upset Microsoft, which it said was “not in its best interests because it could protect the privacy and security of its customers and expose them to unnecessary risks.” I’m here.

Microsoft argues that security companies that release such tools must take basic measures, such as verifying users, before allowing them to search for data related to domains.

Microsoft is rightly embarrassed by lax security that unnecessarily exposes customer data. I think most Microsoft customers would be less annoyed by quarrels about how much data was inadvertently exposed, and security he would be worried about the cockup happening in the first place.

According to SOCRadar, Microsoft responded within hours of being notified of the issue and reconfigured the Azure Blob Storage cloud buckets to adequately protect against unauthorized access.

While it’s clearly a positive that the misconfigured server was protected, it’s unfortunately true that this particular horse has already been bolted. “It’s been public for months.”.

Did you find this article interesting? Follow Graham Cluley on Twitter To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst and makes regular media appearances and lectures internationally on the topics of computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyor drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog