A misconfiguration of Endpoint systems at Microsoft made 2.4 terabytes of customer data publicly available. Cyber security provider SOCRadar informed the tech giant about this on September 24. Microsoft claims to have since fixed the bug and the data can only be accessed with the necessary authorization.
According to the SOCRadar report, the data breach affected more than 65,000 companies in 111 countries. Over 335,000 emails, 133,000 projects and 548,000 user files have been made publicly available.
🛑 Sensitive data from 65,000+ devices in 111 countries leaked due to a single misconfigured data bucket 🛑
🤯 SOCRadar has discovered that sensitive data from 65,000 devices became public due to a misconfigured server. #data leak https://t.co/Jv10fg7c6a…— SOCRadar® (@socradar) 19 October 2022
Microsoft disputes the extent of the data leak
Microsoft confirms that a configuration error is the source of the leak, but disputes the extent of the leak described by SOCRadar. The first internal investigations would have shown that many pieces of information are duplicates that refer several times to the same data. Affected customers have been notified.
Microsoft also criticizes the publication of a search tool by SOCRadar. According to the Redmond company, this tool requires no identity verification and thus unnecessarily exposes Microsoft customers to the risk of cyber attacks.