Microsoft breach may have affected 65,000 companies in 111 countries
Another day, another leak in cyber world
Microsoft confirmed that a misconfigured system may have exposed customer data. The company revealed that it was informed of the isolated incident by researchers at SOCRadar, though the two companies disagree over how many users were impacted and over the practices that cybersecurity researchers should follow when they encounter a breach or leak in the future.
“Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint,” Microsoft wrote in a detailed security response blog post. “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”
The company revealed that the information that may have been exposed as a result of the breach includes names, email addresses, email content, company names, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw.
Even though Microsoft’s investigation revealed that no customer accounts or systems were compromised, the SOCRadar security researchers who notified Microsoft of its misconfigured server were able to link information directly back to 65,000 entities across 111 countries in file data composed between 2017 and 2022, according to a report on Bleeping Computer.
For its part, Microsoft claimed that it had quickly secured its servers upon being notified, and that it has alerted affected customers of the potential data breach.
“We’ve confirmed that the endpoint has been secured as of Saturday, September 24, 2022, and it is now only accessible with required authentication,” Microsoft said. “Our investigation did not find indicators of compromise of the exposed storage location. Additionally, we found that no customer accounts and systems were compromised due to unrestricted access. However, an external security research firm who reported the issue to Microsoft, confirmed that they had accessed the data as a part of their research and investigation into the issue.”
Microsoft also fired back at SOCRadar for exaggerating the scope of the issue, so it’s unclear whether that company’s report of 65,000 affected entities holds true.
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft said. “We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”
Additionally, Microsoft took issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data.
“More importantly, we are disappointed that SOCRadar has chosen to release publicly a ‘search tool’ that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk,” Microsoft added in its response.
SOCRadar uses its BlueBleed tool to crawl through compromised systems to find out what information is readily obtainable and accessible by malicious actors. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer.
In recent years under the leadership of CEO Satya Nadella, Microsoft made data security and privacy practices central pillars of its operations, so it is refreshing to see the company take swift action to correct the security flaw. However, it would have been nice to see more transparency from Microsoft about the severity of the breach and how many people may have been impacted, especially in light of the data that SOCRadar was able to collect. Of the files that were collected, SOCRadar’s analysis revealed that these included proof of concept works, internal comments and sales strategies, customer asset documents, product orders, offers, and more.
SOCRadar VP of Research Ensa Seker told the publication that no data was shared with anyone through the use of BlueBleed, and all the data that it had collected has since been deleted.
“The leaked data does not belong to us, so we keep no data at all,” Seker told Bleeping Computer, noting that his company was disappointed with Microsoft’s accusations.
If you have been impacted by this potential data breach, you will receive details and instructions from Microsoft.
Earlier this year, Microsoft, along with other technology firms, made headlines for a series of unrelated breaches as a result of cyber hacking from the Lapsus$ group. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool.
Chuong’s passion for gadgets began with the humble PDA. Since then, he has covered a range of consumer and enterprise devices, ranging from smartphones to tablets, laptops to desktops and everything in between for publications like Pocketnow, Digital Trends, Wareable, Paste Magazine, and TechRadar in the past before joining the awesome team at Windows Central. Based in the San Francisco Bay Area, when not working, he likes exploring the diverse and eclectic food scene, taking short jaunts to wine country, soaking in the sun along California’s coast, consuming news, and finding new hiking trails.