Possibility that 65,000 companies in 111 countries were affected, with 2.4 TB of confidential data exposed due to Microsoft's misconfiguration

It turned out that there was a misconfiguration in the configuration of

Azure Blob Storage , Microsoft's cloud object storage service, and a total of 2.4 TB of confidential data of Microsoft customers was exposed. According to SOCRadar, a security company that discovered the problem, the published data included user information and business files, and 65,000 companies in 111 countries were affected.

Sensitive Data of 65,000+ Entities in 111 Countries Leaked due to a Single Misconfigured Data Bucket

Investigation Regarding Misconfigured Microsoft Storage Location – Microsoft Security Response Center

Microsoft data breach exposes customers' contact info, emails

Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica

SOCRadar, which has been continuously monitoring data breaches on the web, detected an Azure Blob Storage misconfiguration on September 24, 2022, and discovered that an accidentally exposed bucket contained sensitive data. Did. This problem was named 'BlueBleed' and said that the confidential data contained in the public bucket was a huge amount of 2.4 TB.

SOCRadar said the sensitive data was related to Microsoft and 65,000 companies in 111 countries, exposing more than 335,000 emails, 133,000 projects, and 548,000 user information. I'm here. Other confidential data that was accidentally disclosed included product purchase orders, invoices, project details, intellectual property documents, and internal evaluations of partners.

The Microsoft Security Response Center (MSRC) also issued a statement regarding the discovery of SOCRadar, stating, ``On September 24, 2022, SOCRadar notified Microsoft of an incorrect endpoint configuration. This could result in unauthenticated access to some business transaction data, such as the planning and implementation of Microsoft services exchanged between Microsoft and potential customers.When notified of a misconfiguration, endpoints It was immediately protected and accessible only with the required authentication, and our investigation found no indication that customer accounts or systems had been compromised.' SOCRadar also said that within hours of the notification, Microsoft reconfigured the bucket to be private, reducing the risk of data exfiltration.

According to Microsoft, this problem is due to an unintended misconfiguration, and there is no vulnerability in the system. Microsoft is working to improve processes to prevent this type of misconfiguration and is performing additional due diligence to investigate and ensure the security of all Microsoft endpoints.

While acknowledging that there was a misconfiguration, Microsoft countered that there was duplication of email, project and user data in the public bucket, and that 'SOCRadar greatly exaggerated the scope of the problem.' did. In addition, regarding SOCRadar's release of a tool called ' BlueBleed ' that can check for data leaks related to this misconfiguration, he said, 'It is not the best way to ensure customer privacy and security, and may expose customers to unnecessary risks. I am disappointed that I have released a certain 'search tool'.'

In response, SOCRadar claims that BlueBleed has had some data crawled by search engines, but that all data has been removed from the system. “On this query page, companies can anonymously see if their data has been exposed in public buckets,” said Ensar Şeker, vice president of research at SOCRadar. No. It is very disappointing that the MSRC has made such comments and denunciations after working together and helping to prevent a global cyber disaster,' said technology media Bleepeng Computer. said.

In addition, regarding Microsoft's notification to affected customers via the Microsoft 365 message center, and the response to inquiries from affected customers that they were unable to provide specific data affected by this issue. has also been criticized by security researchers.

in Software,   Security, Posted by log1h_ik