We will be happy to advise you!

Hotline:
+49 (0) 40 38 90 710

E-mail:
info@secion.de

Contact form

Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft

by

Reading time: minutes ( words)
Warning of Microsoft data leak due to misconfigured server

Misconfigured Microsoft endpoint server publicly accessible via the Internet

In a blog post on 19.10.2022, Microsoft confirmed that sensitive customer data had been disclosed: Investigation Regarding Misconfigured Microsoft Storage Location.

The reason was a misconfigured Microsoft endpoint server that was publicly accessible via the internet. In total, it can be assumed that sensitive data from approximately 65,000 companies in 111 countries was publicly accessible. Security vendor SOCRadar had already tracked down the misconfigured server (dubbed "BlueBleed") in September and alerted Microsoft to the leak on 24 September 2022. Microsoft then immediately secured the affected server.

Customer data probably affected

Caused by an unintentional misconfiguration on an endpoint, the incident led to unauthenticated access to business transaction data between Microsoft (including leaked data from its analysis "Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/quotes, project details, PII (Personally Identifiable Information) and potential customer data (e.g. names, email addresses, email content, company names and phone numbers) and possibly attached files.
Meanwhile, the endpoint is only accessible with required authentication. Microsoft goes on to say that the internal investigation found no evidence that customer accounts or systems were compromised. Affected customers were notified directly of the incident.
More information and further links can also be found at: https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/.

We will publish further updates in this post on an ongoing basis.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion GmbH.

* Mandatory field

Go back

Related articles

Learn to hack - the TOP 5 YouTube recommendations of our IT Security Consultants

Learn hacking with YouTube: Our top 5 recommendations

Whether white-hat, black-hat or grey-hat: the basis for successful hacking is always the willingness to learn. Ambition, motivation and personal commitment pay off particularly well in the field of ethical hacking. This is because pentesters are sought-after specialists who are inundated with well-paid job offers, especially in times of extensive digitization. If you are interested in hacking, are considering a career in the field, or simply want to learn more about the methods and techniques of ethical hackers, we recommend the TOP 5 YouTube recommendations of our IT security consultants.

Different types of malware, potential threats and tips for protection!

Malware - How organizations protect against the danger

Malware, composed of "MALicious" and "SoftWARE", is the generic term for malicious software explicitly created to infect IT systems. This buzzword covers a wide variety of malware - from viruses and worms to adware and spyware, rootkits and ransomware. In this article, we show the different types of malware, assess the threat potential for your company and provide valuable tips on how you can protect IT systems, networks and end devices from the numerous threats.