Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.
In a revelation this week, Microsoft’s Security Response Center said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.
The information included planning or potential implementation and provisioning of Microsoft services, according to MSRC. Once notified, Microsoft secured the endpoint, which now can only be accessed through required authentication.
Microsoft disputed SOCRadar’s description of the extent of the leak, which it said involved business transaction data like names, email address, email content, company names, and phone numbers and may also include attached files linked to business “Between a customer and Microsoft or an authorized Microsoft partner.”
SOCRadar researchers said misconfigured servers are among the top causes of data leaks and, pointing to the SANS 2022 Top New Attacks and Threat Report, added that data exfiltration from cloud storage is a common attack avenue.
In an email to The Register, Erich Kron, security awareness advocate for cybersecurity firm KnowBe4, said that some of the data exposed may seem trivial, but that if SOCRadar’s information is correct, “It could include some sensitive information about the infrastructure and network configuration of potential customers. This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations’ networks.”
