Microsoft confirms customer data leak but disputes scope • The Register

Microsoft has confirmed that one of its own misconfigured cloud systems led to the exposure of customer information on the internet, though it disputes the extent of the leak.

In a disclosure this week, Microsoft’s Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 of a misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and its customers.

The information included the supposed use or potential implementation and provisioning of Microsoft services, according to MSRC. Once notified, Microsoft secured the endpoint, which is now only accessible with proper authentication. To be clear: Microsoft screwed up the configuration of a storage system in its own cloud, revealing customer information it was supposed to keep private.

“Our investigation found no indication that customer accounts or systems were compromised,” the security center wrote. “We have immediately informed the affected customers.”

In a report also released this week, SOCRadar researchers said Microsoft’s misconfiguration exposed sensitive data, including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details and personally identifiable information (PII).

The documents may have revealed intellectual property, the company claimed.

SOCRadar said it tracked and monitored public cloud storage buckets and found six large Microsoft-run public buckets containing information on more than 150,000 companies in 123 countries. SOCRadar collectively refers to the leaks as BlueBleed.

The report states that one of the largest public buckets – called BlueBleed Part 1 – was a misconfigured Azure Blob Storage instance that allegedly contained information about more than 65,000 entities in 111 countries. This represented 2.4TB of public data owned by Microsoft dating from 2017 to August this year, including more than 335,000 emails, 133,000 projects and 548,000 exposed users.

The report states that parties “who may have accessed the bucket may use this information in various forms for extortion, blackmail, creating social engineering tactics using exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels.”

“This is definitely not the first time a misconfigured server has exposed sensitive information, and it will not be the last,” said Can Yoleri, vulnerability and threat researcher at SOCRadar and lead investigator on BlueBleed, in a press release. “Nonetheless, with leaks of important data belonging to tens of thousands of entities, BlueBleed is one of the largest B2B leaks in recent years.”

Microsoft took issue with SOCRadar’s description of the scope of the leak, which it said involved business transaction data – such as names, email addresses, email content, company names and phone numbers – and may include attachments relating to business “between a customer and Microsoft or a licensed Microsoft partner.”

“After reviewing [the SOCRadar] blog post, we first want to note that SOCRadar has drastically exaggerated the scope of this issue,” MSRC said. “Our in-depth investigation and analysis of the dataset reveals duplicate information, with multiple references to the same emails, projects and users. We take this issue very seriously and are upset that SOCRadar overstated the numbers involved in this issue even after pointing out their error.”

Microsoft also criticized SOCRadar for releasing a search tool that it says does not guarantee customer privacy or security and could put organizations at risk. SOCRadar said it provides a free service that companies can use to search for their company name to determine whether they are affected by any of the BlueBleed leaks.

SOCRadar researchers said that misconfigured servers are among the top causes of data leaks and, pointing to the SANS 2022 Report on Top New Attacks and Threats, added that data exfiltration from cloud storage is a common attack path.

“Threat actors continuously scan public storage buckets for sensitive data,” the researchers wrote. “They have the resources and the means to automate scanning with advanced tools. Companies need to proactively monitor these cyber risks with automated security tools.”

In an email to The Register, Erich Kron, security awareness advocate for cybersecurity firm KnowBe4, said some of the exposed data may seem insignificant, but if SOCRadar’s information is correct, “it could include sensitive information about the infrastructure and the network configuration of potential customers. This information could be valuable to potential attackers who may be looking for vulnerabilities within any of these organizations’ networks.”

Kron also said incidents like BlueBleed illustrate that with cloud storage, such a misconfiguration can expose information from far more organizations and individuals than a similar issue with on-premises systems.

“It’s just something that organizations hosting applications and data on any of the different cloud platforms need to understand,” he said. “Policies related to double-checking configuration changes, or having them confirmed by another person, are not a bad idea when the result could lead to the exposure of sensitive data.” ®
