
Thousands of Microsoft customer records found on a public server

The tech giant claims security researchers have greatly exaggerated the scope of the issue

Microsoft has been accused of leaving thousands of customer records open to the public on a misconfigured server, and only taking steps to secure it after receiving a warning from a security research firm.

Researchers at SOCRadar, a cyber security company, revealed on Thursday that they had detected sensitive data belonging to 65,000 entities in 111 countries on a misconfigured Azure Blob Storage server.

The firm first discovered the exposure on 24 September, finding 2.4 terabytes of publicly available data containing sensitive information belonging to Microsoft and its customers, including data in files dated between 2017 and August 2022. Researchers have said the data contained over 335,000 emails, 133,000 projects, and 548,000 exposed users.

The exposed files also included Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property.

Once SOCRadar detected the data, its researchers investigated a storage area in a bucket where SQL Server backups are stored. Further investigation of the backups led researchers to discover links between the misconfigured bucket and other Azure Blob Storage instances. The company claimed that the amount and scale of the leaked data made it the most significant B2B data leak in the recent history of cyber security.

The research team informed Microsoft of the leak on 24 September, and the company reconfigured the server to make it private within several hours. The pair then collaborated on investigating the leak and successfully mitigated the risk of exposure.

Microsoft has said it has found no indication that customer accounts or systems have been compromised as a result, but it has notified those affected by the incident directly.

It said the data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft, or an authorised Microsoft partner.

However, Microsoft has accused SOCRadar of exaggerating the severity of the incident, which has been blamed on an unintentional misconfiguration of an endpoint rather than a security vulnerability. Microsoft also claimed the server was not in use across the Microsoft ecosystem.

“We appreciate SOCRadar informing us about the misconfigured endpoint, but after reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue,” stated the company. “Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”

SOCRadar has also provided a free service where companies can search for their company names to see if they are impacted by any of the leaks. In response, Microsoft said it was disappointed by the release of a search tool, adding that it was not in the best interest of ensuring customer privacy or security and potentially exposed customers to unnecessary risk.

It recommended that security companies wanting to provide a similar tool should follow basic measures to enable data protection and privacy. These include implementing a reasonable verification system, following data minimisation principles to ensure information is only delivered to the verified user, and not giving out information that belongs to different customers.
