Microsoft: Big data leak due to misconfiguration of cloud instances

Microsoft: Big data leak due to misconfiguration of cloud instances

A “simple” misconfiguration of cloud servers has fallen on Microsoft’s toes: The error left data from more than 65,000 customers in more than 111 countries open to the Internet, as IT security company SoccRadar recently announced. Was.

Microsoft openly acknowledges misconfiguration and open data on the web. Business communications between Microsoft or authorized partners and customers could be accessed by names, e-mail addresses, e-mail content and telephone numbers, and possible file attachments.

However, the numbers cited by Saucerdar are greatly exaggerated. The company’s own data analysis showed that the information is repetitive and there are multiple references to the same e-mails, projects and users. Even after this sign, Socradar did not deviate from the specified numbers, which is very disappointing for Microsoft.

Affected customers have been notified of the incident. The company is silent on how many were there. The same applies to those specific documents that were publicly accessible. When asked, Microsoft employees could not specify the details of the affected data, as per a Twitter post by those affected.

Microsoft explained in one opinion Also that the problem was caused by an inadvertent misconfiguration on one endpoint. However, it will no longer be used in the Microsoft ecosystem. Data leaks are not the result of security gaps. However, work is being done to improve the processes so that such misunderstandings at the endpoints no longer occur.

Soccerdar says an analysis tool open bucket with sensitive data. During an analysis by the company’s IT researchers, they came across a storage area with SQL Server backups. This investigation led them to connect an incorrectly configured bucket to Azure Blob Storages. 2.4 Terabytes of data was accessible, the contents of which range from 2017 to August 2022.

See also  Phishing mail attacks in Austria: how to protect yourself

According to Soccerdar, the numbers suspected by Microsoft include 335,000 emails, 133,000 projects and 548,000 users. Data may include, for example, proof of performance, job descriptions, user information, product orders, offers, project details and sensitive personal data.


on home page


Please enter your comment!
Please enter your name here