Server misconfiguration at Microsoft results in companies' data leak
Microsoft this week acknowledged that it unintentionally exposed information pertaining to over 70,000 of its customers after a security mistake left an endpoint publicly available over the internet without any authentication.
The unauthenticated access to some business transaction data corresponding to interactions between Microsoft and potential customers was caused by a misconfiguration, according to a Microsoft alert.
Microsoft underlined that the breach was "not the consequence of a security vulnerability" and was instead caused by an unintended misconfiguration on an endpoint that was not being used by anyone in the Microsoft ecosystem.
Security firm SOCRadar discovered the Azure Blob Storage configuration error on September 24, 2022, and named the leak BlueBleed. Microsoft stated that it is currently informing affected customers.
The data leak's scope was not disclosed by the developer of Windows, but according to SOCRadar, it impacts over 65,000 companies across 111 nations. 2.4 terabytes of data were exposed, including invoices, product orders, signed client documents, partner ecosystem information, and more. Files dating from 2017 to August 2022 are among the breached data.
However, Microsoft has analyzed the scope of the problem, claiming that the information in question was related to names, email addresses, email content, company names, phone numbers, and attached files pertaining to transactions between clients and Microsoft or an official Microsoft associate.
Furthermore, it stated in its disclosure that the data set contained "duplicate material, with several references to the same emails, projects, and people," and that the threat intelligence business had therefore "greatly overstated" the severity of the issue.
Redmond also highlighted its dissatisfaction with SOCRadar's choice to deploy a public search tool, which it claimed exposed clients to unneeded security risks.
In a follow-up article published on Thursday, SOCRadar compared the BlueBleed search engine to the data breach notification tool "Have I Been Pwned," presenting it as a way for enterprises to determine whether their data has been compromised in a cloud data leak.
According to the cybersecurity provider, as of October 19, 2022, all BlueBleed inquiries in the Threat Hunting module it makes available to its clients have been temporarily suspended at Microsoft's request.
"Microsoft's inability to inform customers of the data that was stolen and its apparent failure to alert authorities, which is required by law, have all the makings of a seriously mishandled reaction," in the words of security expert Kevin Beaumont.
In addition, Beaumont said that the Microsoft bucket has been openly indexed for months and it's even in search engines.
Although there is no proof that threat actors inappropriately accessed the data prior to its dissemination, such breaches could still be used for malicious purposes such as extortion, social engineering attacks, or quick profit.
Erich Kron, a security awareness advocate at KnowBe4, wrote to The Hacker News in an email, "Although some of the information that may have been hacked seems innocuous, it included some classified info about the network and infrastructure configuration of potential customers."
Potential attackers who could be searching for weaknesses in the networks of one of these businesses might find this information useful.