Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft
by Tina Siering
Misconfigured Microsoft endpoint server publicly accessible via the Internet
In a blog post on 19 October 2022, Microsoft confirmed that sensitive customer data had been disclosed: "Investigation Regarding Misconfigured Microsoft Storage Location".
The reason was a misconfigured Microsoft endpoint server that was publicly accessible via the internet. In total, it can be assumed that sensitive data from approximately 65,000 companies in 111 countries was publicly accessible. Security vendor SOCRadar had already tracked down the misconfigured server (dubbed "BlueBleed") in September and alerted Microsoft to the leak on 24 September 2022. Microsoft then immediately secured the affected server.
Customer data probably affected
Caused by an unintentional misconfiguration on an endpoint, the incident led to unauthenticated access to business transaction data between Microsoft (including leaked data from its analysis: Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/quotes, project details, PII (Personally Identifiable Information) and potential customer data (e.g. names, email addresses, email content, company names and phone numbers) and possibly attached files).
The endpoint is now accessible only with authentication. Microsoft goes on to say that the internal investigation found no evidence that customer accounts or systems were compromised. Affected customers were notified directly of the incident.
More information and further links can also be found at: https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/.
We will publish further updates in this post on an ongoing basis.