Customers’ data exposed in the recent Microsoft data leak incident

October 21, 2022

A Microsoft data leak dubbed ‘BlueBleed’ occurred on September 24, which the tech giant said was caused by a misconfigured server. The incident leaked customers’ sensitive data, including names, email addresses, phone numbers, company names, and other critical files.

The tech giant also explained that the misconfiguration could have allowed malicious actors unauthenticated access to business transaction data between Microsoft and prospective clients. It further clarified that the leak resulted from an unintentional misconfiguration on a Microsoft endpoint that the firm has not been actively using across its ecosystem.

An investigation revealed that customers’ accounts or systems were not compromised in the incident, but the firm immediately notified them about what happened. No further details were shared about the data leak, although separate researchers said that the impacted customer data was kept in a misconfigured Azure Blob Storage.

 

About 65,000 companies from 111 countries stored their data in the misconfigured Microsoft storage from 2017 to August 2022, exposing them to a data leak.

 

The researchers identified which server was compromised in the BlueBleed incident through a built-in Cloud Security Module, which detected that the Microsoft Azure Blob Storage was undergoing a compromise on September 24. This server holds sensitive data of the tech giant’s high-profile cloud provider.

Aside from the customer data mentioned above, the threat intel researchers said the Microsoft data leak also included Proof-of-Execution (PoE) and Statement of Work (SoW) files, user information, product orders, project details, PII data, and several other intellectual property files, totaling about 2.4TB of data.

Microsoft refuted the analysis released by the threat intel researchers, stating that the figures and scope were exaggerated. The data involved in the incident has also been made searchable by users through a dedicated search portal. However, it is believed that this action could compromise customers’ security and privacy and expose them to further cybersecurity risks.

The threat intel firm has not yet commented after being asked for its response to Microsoft’s reaction. Users affected by the incident were warned to be cautious of potential attacks from hackers who might have accessed the misconfigured server.
