Security News > 2021 > September > EventBuilder misconfiguration exposes Microsoft event registrant data
EventBuilder is a software solution for creating virtual events using Microsoft technologies and integrates with Microsoft Teams and Teams Live Events extension.
The platform is a member of the Microsoft Supplier Program and is used by Microsoft to host events for external audiences.
A report from security researcher Bob Diachenko in partnership with Clario Tech reveals that EventBuilder exposed more than one million CSV and JSON files with personal information belonging to registrants to events through Microsoft Teams.
Looking for details about "Supercharge key workflows with apps in Teams" event, we found it was part of the Microsoft Teams Chalk Talks program and it was a presentation from Abbie Sweeney, Teams Program Manager.
The exposed data was present on Microsoft Azure Blob Storage, which is Microsoft's cloud-based object storage solution.
Since EventBuilder is also used by Microsoft, Diachenko says that this data leak makes for "An interesting case study in how even the most advanced technology companies can expose themselves to data vulnerabilities."