Microsoft confirms data breach exposing customer’s details

In the latest report, Microsoft has confirmed that the details of its customers have been exposed due to a misconfiguration in Microsoft server on an endpoint.

The exposed details include the contact numbers, email addresses, names, company details, invoices & contracts. As per the information, the size of the data exposed is estimated to be around 2.4 TB. The data breach was published by Security firm SOCRadar and they have termed the data leak as BlueBleed, referring to the sensitive information leaked by six misconfigured buckets.

Microsoft confirms data breach exposing customer’s details
Microsoft confirms data breach exposing customer’s details (Image Source: SOCRadar)

Post which Microsoft confirmed the data breach and released a statement stating “The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.” SOCRadar has stated that a “single misconfigured data bucket” was responsible for the exposure of data of the 65,000 affected companies which are based across 111 countries. Microsoft has denied the claims made by SOCRadar regarding the size of the data leak stating that the data set contains duplicate information and is not reliable. The misconfiguration in the server was reported on 24th September 2022.

Microsoft confirms data breach exposing customer’s details
Microsoft confirms data breach exposing customer’s details (Image Source: SOCRadar)

Microsoft has stated that the compromised endpoint has been secured and preventive measures have been taken. The company has not disclosed the type of data exposed and commented “We are unable to provide the specific affected data from this issue.” It further claims that the data leak was not a result of any vulnerability and that the sole reason for the data breach was the misconfiguration in the server.

See more: Kingfisher insurance falls victim to Lockbit 3.0 ransomware

See more: Airline Argentina passenger data has been compromised

Microsoft is not pleased with the way SOCRadar has been handling this breach, having stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

Follow on Facebook: Latest Hacking Updates

Leave a Reply

Your email address will not be published. Required fields are marked *