A Microsoft server was exposed to a breach that leaked data from more than 65,000 companies in 111 countries, according to security research firm SOCRadar.
SOCRadar said it notified Microsoft of its findings, specifying that an Azure Blob Storage Server configured in incorrectly was compromised, possibly exposing around 2.4 terabytes of sensitive data, including: names, phone numbers, email addresses and company names and attached files that contain companies private information, such as test documents, sales data, product orders and many other information.
After being notified of the breach on September 24, 2022, Microsoft released a statement this week in which claimed to have secured the compromised endpoint, which “can now only be accessed through the required authentication” and that the investigation “found no indication that customer accounts or systems had been compromised.” The company also said it contacted customers affected by the breach.
The Arab portal for technical news reported that SOCRadar has also responded by making the BlueBleed search portal available to Microsoft customers who may fear they will be affected by the data leak.
The security company noted that although Microsoft responded quickly by intervening to repair the configured server in incorrectly, his research was in able to connect 65,000 entities exposed to file data configured between 2017 and 2022, according to Bleeping Computer.
Microsoft was dissatisfied with what SOCRadar did to address the breach, saying encouraging entities to use its search tool “is not in the interest of ensuring the privacy or security of customers and could expose them to unnecessary risk.”
But the research firm insists that it has not bypassed any privacy protocols in its work and that it has not retained any of the information that was disclosed.
“No data has been downloaded and we have used our engine to scroll through some of the data, but – as promised by Microsoft – no data has yet been shared and all this data that has passed has been deleted”, SOCRadar VP of research at SOCRadar, Ansar Shukr, told Bleeping Computer. They are our systems “.
Shukr added: “We are redirecting all our customers to Microsoft 365 Admin Center Alert if they want to view the original data. The search can be done via metadata (company name, domain name, email). Due to the constant pressure from Microsoft, even remove a page Our query.
It should be noted that Microsoft did not disclose detailed statistics in about the violation that occurred.
Read More About: Technology News
You must log in to post a comment.