Skip to main content

Microsoft data breach exposed sensitive data of 65,000 companies

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

SOCRadar Cloud Security Module discovered a misconfigured Microsoft Server on September 24, 2022.
Image used with permission by copyright holder

Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the comprised endpoint, which is “now only accessible with required authentication,” and that an investigation “found no indication customer accounts or systems were compromised.”

Recommended Videos

The company also stated that it has directed contacted customers that were affected by the breach.

However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to a file data composed between 2017 and 20222, according to Bleeping Computer.

Microsoft has not been pleased with SOCRadar’s handling of this breach, having stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end.

“No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,” SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer.

“We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” he added.

Microsoft itself has not publicly shared any detailed statistics about the data breach.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Use Comcast for internet? Your personal data may have been hacked
A building with the Xfinity logo on it.

Comcast, alongside several other big corporations, has recently suffered a devastating data breach. According to reports, it's possible that hackers got their hands on the data of up to 36 million Comcast Xfinity customers, meaning the company's cable television and internet department. Although the company is pretty tight-lipped about it, the data breach occurred over two months ago. Here's what we know and what you should do to protect yourself.

The hackers were able to access those masses of customer information through a vulnerability known as "CitrixBleed." It's found in Citrix networking devices that Comcast and other huge corporations use. The exploit was initially discovered in August and appears to have been used in cyberattacks on not just Comcast but also many other companies, including Boeing.

Read more
The 23andMe data breach just keeps getting scarier
A 23andMe kit

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users' full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Read more
Microsoft accidentally released 38TB of private data in a major leak
A large monitor displaying a security hacking breach warning.

It’s just been revealed that Microsoft researchers accidentally leaked 38TB of confidential information onto the company’s GitHub page, where potentially anyone could see it. Among the data trove was a backup of two former employees’ workstations, which contained keys, passwords, secrets, and more than 30,000 private Teams messages.

According to cloud security firm Wiz, the leak was published on Microsoft’s artificial intelligence (AI) GitHub repository and was accidentally included in a tranche of open-source training data. That means visitors were encouraged to download it, meaning it could have fallen into the wrong hands again and again.

Read more