Microsoft Leaks Business Customer Data Via Misconfigured Storage Server

pcmag.com:

Microsoft says it accidentally leaked business transaction data between the software giant and potential customers. However, the company is trying to downplay the leak as a cybersecurity firm claims the exposure ensnared 65,000 entities across the globe, many of them companies.

On Sept. 24, cybersecurity firm SOCRadar notified Microsoft about the leak, which occurred via an online storage system that had been misconfigured for open access. 

In a blog post(Opens in a new window) on Wednesday, Microsoft said: “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”

The exposed information included “names, email addresses, email content, company name, and phone numbers,” along with attached business documents. The company was quick to secure the storage system by adding an authentication requirement. Microsoft also says its investigation “found no indication customer accounts or systems were compromised.”

In addition, the software giant has been notifying affected customers. But at the same time, Microsoft is criticizing SOCRadar for allegedly “exaggerating” the scale of the leak.

In its own blog post(Opens in a new window), SOCRadar says the misconfigured Microsoft storage contained sensitive data on 65,000 entities across 111 countries. Specifically, the exposed data was held inside an Azure Blob Storage from Microsoft, which is designed to hold and analyze large amounts of unstructured data. 

“The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product