Microsoft recently confirmed that a “misconfigured endpoint” was responsible for the exposure and leak of Microsoft customer data. The security lapse left an endpoint publicly accessible over the internet without any authentication.
Well, the misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar. This entire leak has been termed as BlueBleed.
Even though Microsoft hasn’t revealed the exact number of impacted customers, SOCRadar suggests that the leak affected 65,000 entities in 111 countries.
A total of around 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, and partner ecosystem details, among others were leaked.
At the time of writing this article, Microsoft said that it’s in the process of directly notifying impacted customers.
In an alert, Microsoft stated that,
“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,”
Now SOCRadar has made its BlueBleed search portal available to Microsoft customers who might be concerned that they have been affected by the leak. That said, it seems Microsoft is not happy with the way SOCRadar handled this breach.
In an official statement, Microsoft stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”
In response, SOCRadar VP of Research and CISO Ensar Seker told BleepingComputer that,
“No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,”
“We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” he added.
