Security News > 2022 > October > Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.
The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
Microsoft has disputed the extent of the issue, stating the data included names, email addresses, email content, company name, and phone numbers, and attached files relating to business "Between a customer and Microsoft or an authorized Microsoft partner."
In a follow-up post on Thursday, likened the BlueBleed search engine to data breach notification service "Have I Been Pwned," enabling organizations to search if their data was exposed in a cloud data leak.
"Microsoft being unable to tell customers what data was taken and apparently not notifying regulators - a legal requirement - has the hallmarks of a major botched response," security researcher Kevin Beaumont tweeted.
"While some of the data that may have been accessed seems trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers," Erich Kron, security awareness advocate at KnowBe4, told The Hacker News in an email.
News URL
https://thehackernews.com/2022/10/microsoft-confirms-server.html
Related news
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)
- Microsoft: April Windows Server updates cause NTLM auth failures (source)
- New attack leaks VPN traffic using rogue DHCP servers (source)
- Microsoft: April Windows Server updates also cause crashes, reboots (source)
- Microsoft fixes Windows Server bug causing crashes, NTLM auth failures (source)
- Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors (source)