Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in an alert.

The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Microsoft has disputed the extent of the issue, stating the data included names, email addresses, email content, company name, and phone numbers, and attached files relating to business “Between a customer and Microsoft or an authorized Microsoft partner.”

In a follow-up post on Thursday, likened the BlueBleed search engine to data breach notification service “Have I Been Pwned,” enabling organizations to search if their data was exposed in a cloud data leak.

“Microsoft being unable to tell customers what data was taken and apparently not notifying regulators – a legal requirement – has the hallmarks of a major botched response,” security researcher Kevin Beaumont tweeted.

“While some of the data that may have been accessed seems trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers,” Erich Kron, security awareness advocate at KnowBe4, told The Hacker News in an email.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.
Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

This site is registered on wpml.org as a development site.