According to security research firm SOCRadar, Microsoft servers were victims of a security breach that may have affected over 65,000 companies in 111 countries.
SOCRadar claims it has shared its findings with Microsoft, detailing that a misconfigured Azure Blob Storage was compromised and may have exposed approximately 2.4 TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as, but not limited to, proof-of-concept documents, sales records, and product orders.
After Microsoft was made aware of the breach on September 24, 2022, it released a statement that it had secured the affected endpoint, which “can now only be accessed with required authentication,” and that an investigation “found no evidence that customer accounts or systems have been compromised.”
The company also said it had written to customers affected by the breach.
However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who may have been concerned about being affected by the leak. The security firm noted that while Microsoft may have taken quick action to fix the misconfigured server, its research was able to connect the 65,000 uncovered entities to a file compiled between 2017 and 2022, according to BleepingComputer.
Microsoft was not happy with SOCRadar’s handling of this breach, stating that encouraging companies to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”
The research firm insists that it did not breach any privacy protocols in its work and none of the information uncovered was stored at its end.
“No data was downloaded. Some of the data was crawled by our engine, but as we promised Microsoft, no data has been shared to date, and all such crawled data has been purged from our systems,” Ensar Şeker, VP of Research and CISO of SOCRadar, told BleepingComputer.
“We direct all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. The search can be done via metadata (company name, domain name and email). Today, due to continued pressure from Microsoft, we even have to take our query page offline,” he added.
Microsoft itself has not released detailed statistics about the data breach.