Misconfigured Microsoft Endpoint exposed B2B customer data
Security researchers at SOCRadar informed Microsoft about a misconfigured data bucket that exposed 2.4 Terabytes of data to the public. The data includes sensitive information, including personally identifiable information, product orders and offers, project details, or statement of work documents, according to SOCRadar.
Microsoft protected the endpoint hours after being informed about it by the company. The data includes files dated from 2017 to August 2022. SOCRadar notes that the data includes information about more than 65,000 companies from 111 countries.
The company has created a search option on their website. A free account is required to search the data and find out if a particular company is affected.
Microsoft confirmed the data exposure issue on October 19th, 2022. According to Microsoft, it found no indication that customer accounts or systems were compromised. The misconfiguration had the potential that data was accessed by unauthorized entities.
The data that was accessible includes "names, email addresses, email content, company name, and phone numbers" according to Microsoft. Attached files, relating to "business between a customer and Microsoft or an authorized Microsoft partner" may also have been included. SOCRadar claims that the data includes sensitive information, including signed customer documents, customer assets documents, product price lists and more.
Impacted customers were notified by Microsoft, according to the statement.
A large part of the announcement on Microsoft's website is used to criticize SOCRadar and its handling of the incident. Microsoft claims that SOCRadar has "greatly exaggerated the scope" of the issue, stating that the data set includes duplicate information.
Microsoft expressed disappointment that SOCRadar released a public search tool, as it may expose customers to "unnecessary risk". SOCRadar should have implemented a system that is using verification to ensure that data is revealed only to users affected by the leak and that information is only displayed to the actual user.
Closing Words
Fact is, customer data was stored on an unprotected endpoint for a period of time. It is unclear if SOCRadar was the only entity that downloaded the data; Microsoft claims that it could not detect unauthorized access to the data.
Whether SOCRadar is overplaying the importance of the exposed endpoint and the data it contained, or Microsoft is trying to downplay the issue is difficult to say at this endpoint. Microsoft is obviously interested in protecting customer data, its reputation as a cloud security provider, and constraining the potential leak, SOCRadar in furthering its business through publicy.
Now You: what is your take on the situation?
Are these articles AI generated?
Now the duplicates are more obvious.
This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro
Why oh why?
Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
Probably they will announce that the taskbar will be placed at top, right or left, at your will.
Special event by they is a special crap for us.
If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
All new articles have zero count comments. :S
WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage
I have O365 until end of this year, mostly for onedrive and probably will jump into google one
Photo storage must be kept free because customers chose gadgets just for photos and photos only.
What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
And now that they discovered what poor management results in do they go back and do the album feature properly?
Nope, just charge the customer twice.
Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Instead of a software company, Microsoft is now a fraud company.
For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote
so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
>”Now You: what is your theory?”
That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.
Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.