Microsoft says it accidentally leaked business transaction data between the software giant and potential customers. However, the company is trying to downplay the leak as a cybersecurity firm claims the exposure ensnared 65,000 entities across the globe, many of them companies.
On Sept. 24, cybersecurity firm SOCRadar notified Microsoft about the leak, which occurred via an online storage system that had been misconfigured for open access.
In a blog post on Wednesday, Microsoft said: “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”
The exposed information included “names, email addresses, email content, company name, and phone numbers,” along with attached business documents. The company was quick to secure the storage system by adding an authentication requirement. Microsoft also says its investigation “found no indication customer accounts or systems were compromised.”
In addition, the software giant has been notifying affected customers. But at the same time, Microsoft is criticizing SOCRadar for allegedly “exaggerating” the scale of the leak.
In its own blog post, SOCRadar says the misconfigured Microsoft storage contained sensitive data on 65,000 entities across 111 countries. Specifically, the exposed data was held inside Azure Blob Storage from Microsoft, which is designed to hold and analyze large amounts of unstructured data.
“The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property,” Virginia-based SOCRadar claims; 335,000 emails were also found in the leak.
The cybersecurity firm discovered the exposed data through a company product that can scan the internet for misconfigured cloud servers exposing sensitive data. It’s unclear if any malicious hackers managed to access and copy the data from the misconfigured Microsoft storage server. But if they did, SOCRadar warns the attackers now have a trove of information on “tens of thousands of companies” they can exploit for further attacks.
“As a result of our investigations on the misconfigured server, SQLServer databases, and other files, SOCRadar researchers discovered publicly available 2.4TB of data containing sensitive information belonging to Microsoft. The exposed data include files dated from 2017 to August 2022,” the cybersecurity firm added.
However, Microsoft is accusing SOCRadar of inflating the leak’s severity. “Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft wrote in its own blog post. “We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”
Microsoft is also disappointed with how SOCRadar has created a search tool enabling victims of the leak to see if they were affected. The problem is that anyone, including a business, journalist or a hacker, can type a company’s name into the search tool to determine if it was in the leak. The user can then see more data about the leak by registering for a free edition of SOCRadar’s Cyber Threat Intelligence product.
Microsoft says SOCRadar should “implement a reasonable verification system” and ensure the search tool scopes the results to verified victims before offering it to the public.
SOCRadar didn’t immediately respond to a request for comment. However, the company seems to be reviewing each free request for its Cyber Threat Intelligence product before granting access. The free access also only allows the user to search for results pertaining to one corporate domain.
In addition, SOCRadar’s search tool lumps the Microsoft incident with five other leaks that the cybersecurity firm recently detected on misconfigured cloud storage systems at other providers, including Google and Amazon AWS. So if you use the search tool, and find a company name in the results, you won’t know which misconfigured storage system the data comes from.
Microsoft declined to comment, including about how many customers were affected. But in its blog post, the company added: “We are working to improve our processes to further prevent this type of misconfiguration and performing additional due diligence to investigate and ensure the security of all Microsoft endpoints.”