Microsoft says it accidentally leaked business transaction data between the software giant and potential customers. However, the company is trying to downplay the leak as a cybersecurity firm claims the exposure ensnared 65,000 entities across the globe, many of them companies.
On Sept. 24, cybersecurity firm SOCRadar notified Microsoft about the leak, which occurred via an online storage system that had been misconfigured for open access.
In a blog post(Opens in a new window) on Wednesday, Microsoft said: “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”
The exposed information included “names, email addresses, email content, company name, and phone numbers,” along with attached business documents. The company was quick to secure the storage system by adding an authentication requirement. Microsoft also says its investigation “found no indication customer accounts or systems were compromised.”
In addition, the software giant has been notifying affected customers. But at the same time, Microsoft is criticizing SOCRadar for allegedly “exaggerating” the scale of the leak.
In its own blog post(Opens in a new window), SOCRadar says the misconfigured Microsoft storage contained sensitive data on 65,000 entities across 111 countries. Specifically, the exposed data was held inside an Azure Blob Storage from Microsoft, which is designed to hold and analyze large amounts of unstructured data.
“The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property,” Virginia-based SOCRadar claims; 335,000 emails were also found in the leak.
The cybersecurity firm discovered the exposed data through a company product that can scan the internet for misconfigured cloud servers exposing sensitive data. It’s unclear if any malicious hackers managed to access and copy the data from the misconfigured Microsoft storage server. But if they did, SOCRadar warns the attackers now have a trove of information on “tens of thousands of companies” they can exploit for further attacks.
“As a result of our investigations on the misconfigured server, SQLServer databases, and other files, SOCRadar researchers discovered publicly available 2.4TB of data containing sensitive information belonging to Microsoft. The exposed data include files dated from 2017 to August 2022,” the cybersecurity firm added.
However, Microsoft is accusing SOCRadar of inflating the leak’s severity. “Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft wrote in its own blog post. “We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”
Microsoft is also disappointed with how SOCRadar has created a search tool(Opens in a new window) enabling victims of the leak to see if they were affected. The problem is that anyone—including a business, journalist or a hacker—can type in a company’s name into the search tool to determine if they were in the leak. The user can then see more data about the leak by registering for a free edition of SOCRadar’s Cyber Threat Intelligence product.
