What you need to know
- Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. Microsoft had quickly acted to correct its mistake to secure its customers’ data.
- Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes names, phone numbers, email addresses and content, company name, and attached files containing proprietary company information like proof of concept documents, sales data, product orders, and more.
- Microsoft disputed SOCRadar’s claims and fired back at the researchers stating that their estimations are over-exaggerated. Microsoft also took issue with SOCRadar’s use of the BlueBleed tool to crawl through servers to figure out what information, if any, may have been exposed as a result of security flaws or breaches.
- SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. SOCRadar expressed “disappointment” over accusations fired by Microsoft.
Microsoft confirmed that a misconfigured system may have exposed customer data. The company revealed that it was informed of the isolated incident by researchers at SOCRadar, though both companies remain in disagreement over how many users were impacted and best practices that cybersecurity researchers should take when they encounter a breach or leak in the future.
“Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint,” Microsoft wrote in a detailed security response blog post (opens in new tab). “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”
The company revealed that information that may have been exposed as a result of the breach include names, email addresses, email content, company name, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw.
Even though Microsoft’s investigation revealed that no customer accounts or systems were compromised, the SOCRadar security researchers who notified Microsoft of its misconfigured server were able to link information directly back to 65,000 entities across 111 countries in file data composed between 2017 and 20222, according to a report on Bleeping Computer.
For its part, Microsoft claimed that it had quickly secured its servers upon being notified, and that it has alerted affected customers of the potential data breach.
“We’ve confirmed that the endpoint has been secured as of Saturday, September 24, 2022, and it is now only accessible with required authentication,” Microsoft said. “Our investigation did not find indicators of compromise of the exposed storage location. Additionally, we found that no customer accounts and systems were compromised due to unrestricted access. However, an external security research firm who reported the issue to Microsoft, confirmed that they had accessed the data as a part of their research and investigation into the issue.”
Microsoft also fired back at SOCRadar for exaggerating the scope of the issue, so it’s unclear if that company’s report that 65,000 entities affected hold true.
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft said. “We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”
Additionally, Microsoft had issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data.
“More importantly, we are disappointed that SOCRadar has chosen to release publicly a ‘search tool’ that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk,” Microsoft added in its response.
SOCRadar uses its BlueBleed tool to crawl through compromised systems to find out what information can readily be obtainable and accessible by malicious actors. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer.
In recent years under the leadership of CEO Satya Nadella, Microsoft made data security and privacy practices central pillars of of its operations, so it is refreshing to see the company take swift action to correcting the security flaw. However, it would have been nice to see more transparency from Microsoft about the severity of the breach and how many people may have been impacted, especially in light of the data that SOCRadar was able to collect. Of the files that were collected, SOCRadar’s analysis revealed that these included proof of concept works, internal comments and sales strategies, customer asset documents, product orders, offers, and more.
SOCRadar VP of Research Ensa Seker told the publication that no data was shared with anyone through the use of BlueBleed, and all the data that it had collected has since been deleted.
“The leaked data does not belong to us, so we keep no data at all,” Seker told Bleeping Computer, noting that his company was disappointed with Microsoft’s accusations.
If you have been impacted from this potential data breach, you will receive details and instructions from Microsoft.
Earlier this year, Microsoft, along with other technology firms, made headlines for a series of unrelated breaches as a result of cyber hacking from the Lapsus$ group. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool.
