Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft
by Tina Siering
Misconfigured Microsoft endpoint server publicly accessible via the Internet
In a blog post on 19.10.2022, Microsoft confirmed that sensitive customer data had been disclosed: Investigation Regarding Misconfigured Microsoft Storage Location.
The reason was a misconfigured Microsoft endpoint server that was publicly accessible via the internet. In total, it can be assumed that sensitive data from approximately 65,000 companies in 111 countries was publicly accessible. Security vendor SOCRadar had already tracked down the misconfigured server (dubbed "BlueBleed") in September and alerted Microsoft to the leak on 24 September 2022. Microsoft then immediately secured the affected server.
Customer data probably affected
Caused by an unintentional misconfiguration on an endpoint, the incident led to unauthenticated access to business transaction data between Microsoft (including leaked data from its analysis "Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/quotes, project details, PII (Personally Identifiable Information) and potential customer data (e.g. names, email addresses, email content, company names and phone numbers) and possibly attached files.
Meanwhile, the endpoint is only accessible with required authentication. Microsoft goes on to say that the internal investigation found no evidence that customer accounts or systems were compromised. Affected customers were notified directly of the incident.
More information and further links can also be found at: https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/.
We will publish further updates in this post on an ongoing basis.
Need help upgrading your IT security for 2022? Contact us!
Related articles
Back in mid-August 2022, unknown attackers gained access to servers of the password manager provider LastPass and were able to successfully copy internal data.
The company has now acknowledged the incident in a blog post and assured: Master passwords and user data in the encrypted password vault should not be affected. What users of the service should consider, however, can be read in the short blog post on the topic.
Deepfakes - media content deliberately manipulated by artificial intelligence - have been known to a broad public at least since the phone call between Minister Giffey and the (alleged) interlocutor Vitali Klitschko in June 2022. Deepfakes began as a technical gimmick in the digital world and have now reached a level that has become a real threat to organizations and companies worldwide. Through machine learning and the use of AI, videos and audio files can now be faked - and in such a way that they are almost indistinguishable from genuine content. Read this article to learn about the current threats posed by deepfakes and how companies, government agencies and private individuals can protect themselves from the manipulations.
IT security not only depends on the infrastructure and security technologies used, but also to a significant extent on the people who use the digital systems. While the security technologies used are now highly reliable, people are increasingly becoming a weak point. Cyber criminals usually look for the easiest way to obtain data or penetrate a network - and this way too often leads through uninformed, uninformed employees. Establishing a functioning culture of cybersecurity, regularly sensitizing all employees to existing threats and integrating them into the security concept as a "human firewall" is crucial for a company's overall IT security today.
Read more … Human Firewall: How to Successfully Build a Cybersecurity Culture