Microsoft Corp. today revealed details of a server misconfiguration that may have compromised the data of some potential customers in September.
According to the Microsoft Security Response Center, the breach related to a misconfigured Microsoft endpoint that was detected by security researchers at SOCRadar Cyber Intelligence Inc. on Sept. 24. The misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provision of Microsoft services.
After Microsoft was notified of the misconfiguration, the endpoint was secured. Microsoft’s investigation found no indication that accounts or systems were compromised, but potentially affected customers were notified.
Exposed data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The unintentional misconfiguration was on an endpoint that was not in use across the Microsoft ecosystem and was not the result of a security vulnerability.
Microsoft did not say how many potential customers were exposed by the misconfiguration. However, in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at over 65,000. The SOCRadar researchers also note that the leaked data on the Azure Blob Storage instance totaled 2.4 TB and included Proof-of-Execution and Statement of Work documents, including documents that may reveal intellectual property.
“While some of the data that may have been accessed seem trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations’ networks.”
Kron noted that while cloud services can be very convenient and, if secured properly, also very secure, a misconfiguration can expose the information to potentially many more people than it would on traditional internal on-premises systems.
“This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand,” Kron added. “Policies related to double checking configuration changes, or having them confirmed by another person, is not a bad idea when the outcome could lead to the exposure of sensitive data.”