“Threat actors who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels,” SOCRadar stated. Microsoft has acknowledged the breach, stating that the data leak came from a misconfigured endpoint that is no longer in use. It added that SOCRadar has “greatly exaggerated the scope of this issue,” as the dataset contains duplicate information. Microsoft did not reveal how many entities were impacted by the breach; however, it said it has already reached out to those affected.
Misconfigured Azure Blob Storage Behind Data Leak
SOCRadar said the Microsoft data leak came down to a misconfigured Azure Blob Storage bucket. Its built-in Cloud Security module monitors the internet for exposed endpoints that may leak customer data. SOCRadar noted that the Microsoft bucket leak is one of six major leaks involving B2B data it has recently uncovered. The company refers to the leaks collectively as BlueBleed. SOCRadar said it found 2.4TB of sensitive data belonging to Microsoft. So far, it has found over 335,000 emails, 133,000 projects, and 548,000 exposed users. It said the exposed bucket contained information such as customer emails, invoices, product orders, project details, sales strategies, and customer asset documents, to name a few. Microsoft, confirming the incident, said the exposed endpoint contained certain “business transaction data.” This includes names, email addresses, email content, company names, and phone numbers. The company added that the bucket “may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.” “Threat actors constantly scan public storage buckets for sensitive data. They have the resources and means to automate the scanning with advanced tools,” SOCRadar said.
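The defender-side check for this class of misconfiguration, as an added example that is not SOCRadar's or Microsoft's tooling: a short Python audit over Azure CLI output that flags blob containers reachable anonymously. The sample JSON is constructed; the field names allowBlobPublicAccess and properties.publicAccess are assumed to follow the JSON that `az storage account list` and `az storage container list` emit.

```python
import json

# Constructed sample of `az storage account list` output, trimmed to the two
# fields this check uses (field names follow the Azure CLI JSON output).
ACCOUNTS_JSON = """[
  {"name": "contosoprod",   "allowBlobPublicAccess": true},
  {"name": "contosologs",   "allowBlobPublicAccess": false},
  {"name": "contosolegacy", "allowBlobPublicAccess": null}
]"""

# Constructed sample of `az storage container list --account-name <acct>`
# output per account; publicAccess is "blob", "container" or null (private).
CONTAINERS_JSON = {
    "contosoprod": """[
      {"name": "invoices", "properties": {"publicAccess": "container"}},
      {"name": "backups",  "properties": {"publicAccess": null}},
      {"name": "static",   "properties": {"publicAccess": "blob"}}
    ]""",
    "contosologs": """[{"name": "audit", "properties": {"publicAccess": "blob"}}]""",
    "contosolegacy": """[{"name": "exports", "properties": {"publicAccess": null}}]""",
}

def audit_public_access(accounts_json, containers_by_account):
    """Return {"exposed": [(account, container, level)], "unset_accounts": [...]}.

    The account-level allowBlobPublicAccess switch overrides every container:
    when it is false, a "blob"/"container" level on a container is inert, so
    such accounts are skipped. null means the property is not set explicitly
    and the platform default applies; those accounts are listed for review
    even with no public container today, since one container ACL change would
    expose its data.
    """
    exposed, unset = [], []
    for acct in json.loads(accounts_json):
        name, allow = acct["name"], acct.get("allowBlobPublicAccess")
        if allow is False:
            continue
        if allow is None:
            unset.append(name)
        for c in json.loads(containers_by_account.get(name, "[]")):
            level = c.get("properties", {}).get("publicAccess")
            if level in ("blob", "container"):
                exposed.append((name, c["name"], level))
    return {"exposed": exposed, "unset_accounts": unset}

if __name__ == "__main__":
    report = audit_public_access(ACCOUNTS_JSON, CONTAINERS_JSON)
    for acct, cont, level in report["exposed"]:
        print(f"EXPOSED {acct}/{cont} publicAccess={level}")
    for acct in report["unset_accounts"]:
        print(f"REVIEW  {acct}: allowBlobPublicAccess not explicitly set")
```

On a live subscription, feed the script the real CLI output instead of the constructed samples; the account-level fix for any hit is `az storage account update -n <acct> --allow-blob-public-access false`.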
Microsoft Calls Out SOCRadar for Publishing Search Tool
Microsoft said it would work on preventing a similar misconfiguration in the future, and thanked SOCRadar for notifying it about the endpoint. However, Microsoft said SOCRadar exaggerated the scope of the incident. “Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” MSRC stated. “We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error,” it added. Microsoft was also critical of SOCRadar for publicly releasing its threat-hunting module. The module provides up-to-date information on data leaks and the deep web. Microsoft said that publishing the tool exposed customers to unnecessary risks. Furthermore, it urged other companies that seek to publish similar tools to follow certain basic privacy measures before doing so.
Cloud Storage Leaks Are a Huge Cybersecurity Concern
In our own independent cybersecurity research at VPNOverview, we have uncovered several instances of exposed customer data due to misconfigured cloud storage buckets. Indian job search site Rocket leaked the information of over 240,000 of its users in August, while gaming platform GoodGamer exposed the personal data of over 380,000 users. Marketing firm PlatformQ leaked the information of 100,000 doctors, nurses and other healthcare professionals across the United States. Our cybersecurity research team contacted the companies, which were able to seal the leaks before malicious actors could get to the data. If you’re a cloud services user and found this article interesting, we recommend checking out our guide to securing AWS S3 Buckets.