Microsoft public cloud misconfiguration leaks 2.4 terabytes of data – Digital Convergence

Digital Convergence … 10/24/2022 … Digital Convergence

Microsoft confirmed that a misconfigured endpoint was responsible for exposing and leaking data from Azure customers. The security flaw left the endpoint accessible on the internet without any need for authentication. The misconfiguration was done unintentionally and the leak was not due to a security vulnerability as was initially vented.

The misconfiguration occurred in Azure Blob Storage and was detected last September 24 by the cyber security company SOCRadar. The leak was named by the company as BlueBleed. While Microsoft did not reveal the exact number of affected customers, SOCRadar estimates that the leak affected 65,000 organizations in 111 countries.

In total, around 2.4 terabytes of data were leaked, covering the period from 2017 to August this year, including more than 335,000 emails, 133,000 projects and 548,000 exposed users. The data consisted of invoices, product orders, signed customer documents, and partner ecosystem details, among others, as well as person names, email addresses and messages, company names, phone numbers, and other sensitive information.

In a statement, Microsoft said it is sending a notice to affected customers, in which it says: “This misconfiguration resulted in potential unauthenticated access to some business transaction data corresponding to interactions between Microsoft and potential customers, such as planning or implementation and provisioning of Microsoft services”.

Source link

About Admin

Check Also

lack of signal affects customers this Thursday (1) – Tecnoblog

At best deals🇧🇷 no tail stuck customers of Alive are having difficulty accessing the operator’s …

Leave a Reply

Your email address will not be published. Required fields are marked *