On September 24, the security firm SOCRadar disclosed to Microsoft the existence of a data leak of 2.4 terabytes belonging to 65,000 organizations. A configuration error of an Azure Blob Storage that has not been fixed for 5 years would be the cause of this event. Microsoft condemns an exaggeration on the part of SOCRadar.
Microsoft Azure, increasingly vulnerable
SOCRadar Extended Threat Intelligence researchers said they discovered a security flaw in Blog Storage on Azure. Using the BlueBLeed search portal allowed the company to assess the damage. This irregularity would have affected approximately 550,000 users, including 65,000 potential customers in 111 countries.
BleepingComputer, which revealed the intrusion of the Lapsus$ group last March at Microsoft, confirmed a massive data leak of around 2.4 TB on the Azure Blog Storage server and SQLServers databases between 2017 and August 2022. to believe the details put forth by SOCRadar, more than 335,000 emails, 133,000 projects, names, company names, contracts or even phone numbers have been leaked after a configuration issue.
SOCRadar would have inflated the numbers
In a press release published on October 19 on its website, Microsoft wanted to reassure customers who were concerned about the exposure of their data. ” Our investigation found no evidence that customer-owned accounts or systems were compromised “, the blog specified.
In other words, no third party could access this sensitive data despite a server configuration error. There was no collection or possible hearing, let alone disclosure.
” The issue was caused by an accidental misconfiguration of a device that is not used by the Microsoft ecosystem and is not the result of a security vulnerability. We are working to improve our processes to prevent this type of misconfiguration and perform additional checks to investigate and ensure the security of all Microsoft devices. “, said the American multinational.
Microsoft appreciated that SOCRadar alerted to a misconfiguration of the Azure Blob Storage server. However, the company, founded by Bill Gates in 1975, regretted the exaggerations about the extent of this error. Microsoft also regrets the publication of BlueBLeed, a search tool published by SOCRadar, which would facilitate access to sensitive data.