Microsoft has confirmed that sensitive information pertaining to customers may have been exposed due to a misconfigured server. However, it has strongly disputed the claims made by the group that reported it.
While weak account credentials can be mitigated with a password manager, misconfigured systems like this one pose their own kind of threat to businesses.
Whilst Microsoft says there’s no indication that any customer accounts or systems were affected, it’s a stark reminder that even the largest companies are at risk.
Microsoft Systems Breached
SOCRadar, a threat intelligence organization, notified Microsoft in late September that the “sensitive data of 65,000+ entities in 111 countries” was leaked due to a misconfigured data bucket.
This week, Microsoft confirmed in a blog post that the issue “resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers.”
SOCRadar says in its own post that there were “more than 335,000 emails, 133,000 projects, and 548,000 exposed users within the leaks”.
Expanding on this, the intelligence firm said “POE documents, SOW documents, Invoices, Product orders, Product offers, Project details, Signed customer documents, POC (Proof of Concept) works, Customer emails, and Internal comments for customers” were exposed.
Is Microsoft Telling the Full Story?
Microsoft has held its hands up and accepted that the misconfigured server exposed data, but it also suggested that SOCRadar “greatly exaggerated the scope of this issue.”
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft says.
It added that while it takes the issue “very seriously”, it was also disappointed that SOCRadar inflated “the numbers involved”, even after this mistake was highlighted.
Microsoft also took the time to criticize SOCRadar’s decision to release a “search tool” to the public to sift through the data, claiming it is “not in the best interest of ensuring customer privacy or security”.
Threats to Businesses are Multiplying
Even if SOCRadar did inflate the number of Microsoft customers affected by the misconfigured server, data was exposed nonetheless.
Businesses can mitigate risks like weak account credentials with tech fixes such as password managers. But widespread reliance on systems and servers provided by other companies, as well as the proliferation of third-party apps and integrations, means it's hard to cover every entry point to your network.
That’s why it’s important to pick your partners wisely, educate your staff, and implement a zero-trust model wherever you can.