Microsoft logo

Microsoft breach may have affected 65,000 companies in 111 countries

Posted on



What you need to know

  • Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. Microsoft had quickly acted to correct its mistake to secure its customers’ data.
  • Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes names, phone numbers, email addresses and content, company name, and attached files containing proprietary company information like proof of concept documents, sales data, product orders, and more. 
  • Microsoft disputed SOCRadar’s claims and fired back at the researchers stating that their estimations are over-exaggerated. Microsoft also took issue with SOCRadar’s use of the BlueBleed tool to crawl through servers to figure out what information, if any, may have been exposed as a result of security flaws or breaches. 
  • SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. SOCRadar expressed “disappointment” over accusations fired by Microsoft. 

Microsoft confirmed that a misconfigured system may have exposed customer data. The company revealed that it was informed of the isolated incident by researchers at SOCRadar, though both companies remain in disagreement over how many users were impacted and best practices that cybersecurity researchers should take when they encounter a breach or leak in the future. 

“Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint,” Microsoft wrote in a detailed security response blog post (opens in new tab). “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *