Microsoft Data Breach Exposes Customers Information

Microsoft Corp. today revealed details of a server misconfiguration that may have compromised the data of some potential customers in September.

According to a post today by the Microsoft Security Response Center, the breach related to a misconfigured Microsoft endpoint that was detected by security researchers at SOCRadar Cyber Intelligence Inc. on Sept. 24. The misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provision of Microsoft services.

Upon being notified of the misconfiguration, the endpoint was secured. Microsoft’s investigation found no indication that accounts or systems were compromised but potentially affected customers were notified.

Exposed data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The unintentional misconfiguration was on an endpoint that was not in use across the Microsoft ecosystem and was not the result of a security vulnerability.

Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. The SOCRadar researchers also note that the leaking data on the Azure Blob Storage instance totaled 2.4 terabytes and included proof-of-execution and statement-of-work documents, including some that may reveal intellectual property.

“While some of the data that may have been accessed seem trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations’ networks.”

Kron noted that although cloud services can be very convenient, and if secured properly, also very secure, when a misconfiguration occurs, the information can be exposed to many more potential people than on traditional internal on-premise systems.

“This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand,” Kron added. “Policies related to double checking configuration changes, or having them confirmed by another person, is not a bad idea when the outcome could lead to the exposure of sensitive data.”