Security News > 2022 > October > Microsoft data breach exposes customers’ contact info, emails
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed.
According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner.
While Microsoft refrained from providing any additional details regarding this data leak, SOCRadar revealed in a blog post published today that the data was stored on misconfigured Azure Blob Storage.
"On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadar said.
SOCRadar's data leak search portal is named BlueBleed and it allows companies to find if their sensitive info was also exposed with the leaked data.
News URL
Related news
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- The quiet data breach hiding in AI workflows (source)
- Hertz confirms customer info, drivers' licenses stolen in data breach (source)
- Hertz data breach: Customers in US, EU, UK, Australia and Canada affected (source)
- Landmark Admin data breach impact now reaches 1.6 million people (source)
- Entertainment services giant Legends International discloses data breach (source)
- Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach (source)
- 2025 Data Breach Investigations Report: Third-party breaches double (source)