MICROSOFT’S (MSFT) LATEST DATA BREACH POTENTIALLY EXPOSES 250M ENTERPRISE RECORDS!

John Mbugua
Oct 29, 2022

Researchers at security firm SOCRadar recently reported that a misconfiguration by engineers at Microsoft exposed sensitive data, including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details, and personally identifiable information (PII).

“Our investigation found no indication customer accounts or systems were compromised,” Microsoft’s Security Response Center (MSRC) responded. “We have directly notified the affected customers.”

The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022. Microsoft said it’s in the process of directly notifying impacted customers. According to the report, one of the biggest public buckets, known as BlueBleed, was an improperly set up Azure Blob Storage instance that purportedly held data on more than 65,000 entities in 111 countries. This amounted to 2.4 TB of publicly accessible Microsoft-owned data dating from 2017 until August of this year, which included more than 335,000 emails, 133,000 projects, and 548,000 exposed users. The leak might also include intellectual property.

There is a search engine of said data here.

“Surely this is not the first time a misconfigured server has exposed sensitive information, and it will not be the last,” Can Yoleri, a vulnerability and threat researcher at SOCRadar and the primary investigator of BlueBleed, said in a statement. “However, with vital leaked data belonging to tens of thousands of entities, BlueBleed is one of the largest B2B leaks in recent years.”

In the spirit of ‘The best defense is a good offense’, Microsoft also condemned SOCRadar for offering a publicly available search engine that it claims does not protect user privacy or security and potentially puts businesses in danger. According to SOCRadar, it offers a free service that businesses may use to search for their company names to see whether any of the BlueBleed leaks affect them.

And what does the public say?

“Microsoft being unable (read: refusing) to tell customers what data was taken and apparently not notifying regulators — a legal requirement — has the hallmarks of a major botched response,” cyber expert Kevin Beaumont tweeted. “I hope it isn’t.”

Beaumont further claimed the Microsoft bucket “has been publicly indexed for months” by services like Grayhat Warfare and that “it’s even in search engines.”

Tweets from a concerned party

SOCRadar researchers added that misconfigured servers are among the top causes of data leaks and, citing the SANS 2022 Top New Attacks and Threat Report, said that data exfiltration from cloud storage is a common attack avenue.

Some of the exposed data may appear insignificant, but according to Erich Kron, a security awareness specialist with the cybersecurity company KnowBe4, if SOCRadar’s information is accurate, “It might contain some private data about the network setup and infrastructure of potential clients. Potential attackers who may be seeking for vulnerabilities may find this useful.”

Kron said that situations like BlueBleed show how much more information may be exposed by a misconfiguration with cloud storage than by a similar problem with on-premises systems.

Organizations hosting applications and data on any of the numerous cloud platforms just need to be aware of this, he said.

“This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand,” he said. “Policies related to double checking configuration changes, or having them confirmed by another person, is not a bad idea when the outcome could lead to the exposure of sensitive data.”
