Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in an alert.

The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Microsoft has disputed the extent of the issue, stating the data included names, email addresses, email content, company name, and phone numbers, and attached files relating to business “Between a customer and Microsoft or an authorized Microsoft partner.”

In a follow-up post on Thursday, likened the BlueBleed search engine to data breach notification service “Have I Been Pwned,” enabling organizations to search if their data was exposed in a cloud data leak.

“Microsoft being unable to tell customers what data was taken and apparently not notifying regulators – a legal requirement – has the hallmarks of a major botched response,” security researcher Kevin Beaumont tweeted.

“While some of the data that may have been accessed seems trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers,” Erich Kron, security awareness advocate at KnowBe4, told The Hacker News in an email.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

This field is for validation purposes and should be left unchanged.


Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)

This site is registered on as a development site. Switch to a production site key to remove this banner.