Microsoft Warns A Month Old Data Breach May Have Exposed Customer Details To Hackers
According to SOCRadar, 2.4 TB of data relating to more than 65,000 companies from 111 countries was publicly available as a result of this server misconfiguration. The cybersecurity firm’s analysis has so far discovered more than 335,000 emails, 133,000 projects, and 548,000 users exposed in this data. However, Microsoft disputes these numbers, claiming in its blog post that “SOCRadar has greatly exaggerated the scope of this issue.” The blog post goes on to say that the exposed database includes duplicate information and repeated references, implying that SOCRadar’s numbers don’t accurately represent the number of unique emails, projects, and users exposed by this leak.
Microsoft, on its part, doesn’t seem particularly forthcoming when it comes to informing companies about the exact contents of the exposed data. One Twitter user shared the notice his company received from Microsoft, which read, “We’ve identified that your organization was in scope of this incident. Affected data types that may have been involved included names, email addresses, company name, address, or phone numbers. We are unable to provide the specific affected data from this issue.” The user ended up opening a ticket with Microsoft support in the hopes of receiving more information about the affected data. However, after some back-and-forth discussion, Microsoft support automatically archived the ticket, stating that “there is no other available information for the case.”
According to SOCRadar, the exposed files include Proof-of-Execution (PoE) documents, Statement-of-Work (SoW) documents, invoices, product orders, product offers, project details, signed customer documents, Proof-of-Concept (POC) works, customer emails, customer product price list and customer stocks, internal comments for customers, sales strategies, customer asset documents, and partner ecosystem details. These files stretch from 2017 to August 2022. Cybersecurity researcher Kevin Beumont says that the database has been available and publicly indexed for months, with searchable cached versions available on the open web for all to see. Microsoft may have fixed the server configuration, but the nightmare for organizations affected by this leak is likely just beginning.