Skip to main content

Microsoft data breach exposed sensitive data of 65,000 companies

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

SOCRadar Cloud Security Module discovered a misconfigured Microsoft Server on September 24, 2022.
Image used with permission by copyright holder

Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the comprised endpoint, which is “now only accessible with required authentication,” and that an investigation “found no indication customer accounts or systems were compromised.”

The company also stated that it has directed contacted customers that were affected by the breach.

However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to a file data composed between 2017 and 20222, according to Bleeping Computer.

Microsoft has not been pleased with SOCRadar’s handling of this breach, having stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end.

“No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,” SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer.

“We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” he added.

Microsoft itself has not publicly shared any detailed statistics about the data breach.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Update Windows now — Microsoft just fixed several dangerous exploits
Person sitting and using an HP computer with Windows 11.

Microsoft has just released a new patch, and this time around, the update comes with fixes for several dangerous and actively abused vulnerabilities and exploits in Windows.

A total of 68 vulnerabilities were addressed in the patch, many of them critical. Here's what was fixed and how to make sure your Windows device is up to date.

Read more
Microsoft Edge now warns when your typos can lead to being phished
Microsoft Defender SmartScreen helps protect users against websites that engage in phishing and malware campaigns.

Microsoft has detailed its latest effort to protect against various types of fraud that can happen via a method as simple as spelling a website URL incorrectly.

The company has announced as of Monday that it is adding website typo protection to its Microsoft Defender SmartScreen service, to aid against web threats such as “typosquatters.” These types of cybercrime can include phishing, malware, and other scams.

Read more
North Korean hackers create fake job offers to steal important data
A depiction of a hacker breaking into a system via the use of code.

Lazarus, a state-sponsored hacker group based in North Korea, is now using open-source software and creating fake jobs in order to spread malware, says Microsoft.

The well-known group of hackers is targeting many key industry sectors, such as technology, media entertainment, and defense, and it's using many different kinds of software to carry out these attacks.

Read more