Bea Beltran Tech 10.20.2022 02:Oct AM EDT

Microsoft Acknowledges Possible Data Breach for Customers

Microsoft has informed its customers that a data breach might have exposed contact information. The tech company stated that it was due to a misconfigured Microsoft server that was accessible over the internet, according to Bleeping Computer.

The breach was detected by researchers from SOCRadar, an intelligence firm, on September 2022. The company added that the misconfiguration resulted in the potential for unauthenticated access to data from business transactions or interactions between Microsoft and its customers.

Microsoft has also posted a blog in response to SOCRadar's detection of the breach. It also includes the tech company's reactions to the details that the intelligence firm posted.

What Kind of Information Was Exposed?

SOCRadar believed that in Microsoft's server alone, there had been 2.4 terabytes of data that had sensitive information. The server holds 335,000 emails, 133,00 projects, and 548,000 exposed users, which they discovered as they were analyzing the leaked files.

In their analysis, they concluded that the files contain information like customer emails, SOW documents, product offers, Proof of Concept works, project details, customer product price lists, product orders, signed customer documents, internal comments for customers, sales strategies, customer asset documents, and so on.

SOCRadar warned that this information could lead to extortion, blackmailing, creating social engineering tactics, and more when accessed by hackers.

As mentioned in a blog post from Microsoft, the business transactions data concerning interactions between Microsoft and prospective customers include the following:

Names
Email addresses
Company name
Phone numbers
Attached files relating to business between customers and Microsoft or authorized Microsoft partners

What Caused the Data Breach?

The breach was not caused by a security vulnerability but an overlooked and unintentional misconfiguration on an endpoint, which is not in use in the Microsoft ecosystem. Microsoft has assured that the endpoint has been secured the moment they were notified and can now only be accessed via required authentication.

So far, they have found no indications of customer accounts or systems being compromised. The customers that were affected by the oversight have already been notified.

Microsoft's Response

Microsoft, however, expressed its disappointment toward SOCRadar. This was due to the intelligence firm exaggerating the severity of the issue. In addition to that, the tech giant also criticized SOCRadar's release of a search tool called BlueBleed that may cause customers of Microsoft more harm than good.

Microsoft claims that the search tool might expose its customers to unnecessary risks. They recommended that security companies that want to provide a tool that detects leaked data, should follow basic measures to protect data and privacy. The measure mentioned are the following:

Implement a verification system to ensure that a user is who they claim they are.
Follow data minimization principles by scoping results, which are delivered solely to information relating to the verified user only.
If the company is not in a position to determine with reasonable fidelity whether a person has been affected by a data leak, then they should not surface to given user information. This includes metadata or filenames, that make belong to another customer.

Tags microsoft Microsoft Data Breach Microsoft Breach Microsoft Customers Breach Microsoft Customer Data Breach Microsoft Data Breach Fixed SOCRadar Detects Breach